The list of files modified (to add telemetry hooks?) in kb 3080149 is crazy. NTOSKrnl, NtDll, Lsass, winload.exe etc... Are they really adding spyware/telemetry hooks all the way down to the kernel? What happens next time there's a security patch for the kernel, do we get an ntoskrnl with all these "optional updates" included as well?
I submitted a story to Boing Boing (at http://boingboing.net/2015/08/10/windows-10.html) about the weird experience I had after upgrading my son's laptop from Windows 8.1 to 10. We did this on a Saturday, and Monday morning I had a "family safety report" email from Microsoft detailing which websites he'd visited, which apps he'd used (and for how long), etc. since the upgrade.
Wow that's insane! And I'm glad you're an awesome parent. You should post an anonymised screenshot of that email sometime if you can, this is pretty ridiculous.
This looks like a deliberately misleading and overblown claim to me. Looking at the knowledge base articles, we see that the diagnostics tracking service is enabled only for users who already participate in the customer experience program (a very clear option when setting up Windows for the first time:
- KB3080149: "The diagnostics tracking service collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program (CEIP)."
The second update is short on details, but it's specifically targeting the UAC "Run as Administrator" dialog (which is implemented by consent.exe), presumably to collect information on unsigned applications which request admin privileges. Microsoft should provide further details here for sure, but I see nothing nefarious. One might guess that the information collected here might be the hash of the exe requesting admin privileges.
- KB3075249: "This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels."
Compare this with the ridiculous claim in the article that this is "allowing for remote monitoring of everything that happens within the operating system."
Is any of this verified? During a previous posting of this it was largely dismissed as propaganda [1]. If someone has reproduced these findings that would be very interesting.
Shit, that may just have changed my opinion on this. Is the first one really correct? Anything we type on a PC anywhere? So if I open up tor and load a site it's basically useless because any url I type in tor will go to ms anyways? WTF? Each and every one of those is completely unacceptable.
No one has verified this. Sorry, but this list is just fearmongering. It would be good if we could focus on the facts here. There's a real issue here and it helps to be honest.
>-If you type anywhere in Windows a name of some movie, Windows will start indexing all your media files after a while and will send it to MS after 30 minutes of your inactivity.
This one is really hard to believe. All the others are kind of believable.
Call me naive, but some of these, especially the first, seem borderline illegal and I doubt that even in their greediest hour Microsoft would dare to implement this shit. If this is true, I'm sure they could be sued on quite a monumental scale.
I've seen a lot of posts about people worrying about personal privacy, as they should be! Right now I'm actually curious about the business implications. Is data going back to Microsoft? Should we be banning Windows for developers, finance, customer support? I'm worried about personally identifiable information (PII) leaking out of our company. Also developers still handle credentials with access to production systems, AWS, sometimes SSL certs. This data cannot be sent out of the network. What is the impact for businesses?
That's what happens when a single vendor has more than 95% share of a market. There is no competition, where the hell are people using Windows software going to run? I'm really angry at this. What's the difference between this and a spyware / key logger / trojan? There is none conceptually.
Microsoft has already raised our suspicions by offering Windows 10 upgrades for free. As a result, we're perfectly primed to believe the worst about these updates.
No wonder they intend to no longer describe what's in an update... Only using Windows in a VM still. Just set the network connection host-only. Didn't really need internet there anyway, and given these circumstances, I might as well get rid of it completely. I guess any inclination I had to think Microsoft is on the way up just vanished again. Too bad it also means I'm probably going to throw away my plans of diving into F#. Open source, but still too tied to this company I'd better just give up on.
This news is another nail in the coffin. The pattern I can see among my peers and my small market is that people are more and more uneasy with using the web for sharing valuable info and data, both on public and private networks. They prefer face-to-face meetings and paper docs. Food for thought and some ground for new startups maybe.
[+] [-] jsingleton|10 years ago|reply
Here are the KB links from an earlier discussion (https://news.ycombinator.com/item?id=10110316). Thanks vetinari.
https://support.microsoft.com/en-gb/kb/3068708
https://support.microsoft.com/en-gb/kb/3075249
https://support.microsoft.com/en-gb/kb/3080149
Also found:
https://support.microsoft.com/en-gb/kb/2976978
[+] [-] 0x0|10 years ago|reply
[+] [-] alinspired|10 years ago|reply
systeminfo|findstr /LI "3068708 3075249 3080149 2976978"
[+] [-] JimmaDaRustla|10 years ago|reply
Nothing seems malicious, but you never know.
[+] [-] kstrauser|10 years ago|reply
According to Microsoft's Family Safety FAQ (https://account.microsoft.com/family/faq/):
> On Windows 10, you’ll need a Microsoft account in order to use Microsoft family whether you’re a part of a family as an adult or a child. When kids are added to a Microsoft family with a Microsoft account, any time they sign in to a Windows 10 device, their settings will be applied and their activity will be reported to the adults in their family. Adults can always turn off activity reporting or remove kids from the Microsoft family at account.microsoft.com/family.
By default, unless you log in and explicitly disable it, Windows 10 collects kids' usage activity and uploads it to Microsoft's servers. Presumably the same mechanism is disabled for adults. Presumably.
I definitely didn't enable it, and I'm sure my son didn't check any "narc me out to my parents" checkbox.
Edit: we already had a family account set up for our Xbox. I suspect that's how Microsoft determined that the emails should go to me.
[+] [-] TazeTSchnitzel|10 years ago|reply
(And that's terrifying.)
[+] [-] IkmoIkmo|10 years ago|reply
[+] [-] CamperBob2|10 years ago|reply
And this is legal under COPPA? If so, the law needs to be fixed sooner rather than later.
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] jahewson|10 years ago|reply
- KB3080149: "The diagnostics tracking service collects diagnostics about functional issues on Windows systems that participate in the Customer Experience Improvement Program (CEIP)."
The second update is short on details, but it's specifically targeting the UAC "Run as Administrator" dialog (which is implemented by consent.exe), presumably to collect information on unsigned applications which request admin privileges. Microsoft should provide further details here for sure, but I see nothing nefarious. One might guess that the information collected here might be the hash of the exe requesting admin privileges.
- KB3075249: "This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels."
Compare this with the ridiculous claim in the article that this is "allowing for remote monitoring of everything that happens within the operating system."
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] mintplant|10 years ago|reply
Windows 10 has been launched and already installed on more than 50 million computers worldwide. It is now a known fact that Windows 10 user data is being sent back to Microsoft servers back in Redmond, Washington. Well, now new updates that are being deployed to all Windows 7, 8 and 8.1 machines will turn their computers into a big piece of spyware, just like their predecessor, Windows 10.
The updates in question are KB3075249 and KB3080149. If installed, these updates are known to report your data back to Microsoft servers, without user interaction. KB3075249 Microsoft Update adds telemetry points to ‘consent.exe’ in Windows 7, 8 and 8.1, allowing for remote monitoring of everything that happens within the operating system. KB3080149 ensures that all “down-level devices” receive the same updates and treatment as Windows 10 boxes get.
As you would guess, forums are lit up with speculation on these updates and more. Below you can find a list of other Windows updates that some users have questioned. Please keep in mind, avoiding some or all of these updates may cause your environment to be unstable and/or unsecure.
KB2505438
KB2670838 – Windows 7 Only (corrupts AERO and blurry fonts on some websites)
KB2952664
KB2976978 – Windows 8 only
KB3021917
KB3035583
KB3075249
[+] [-] acqq|10 years ago|reply
https://support.microsoft.com/en-gb/kb/3080149
"This package updates the Diagnostics and Telemetry tracking service to existing devices. This service provides benefits from the latest version of Windows to systems that have not yet upgraded. The update also supports applications that are subscribed to Visual Studio Application Insights."
https://support.microsoft.com/en-gb/kb/3075249
"This article describes an update that adds telemetry points to consent.exe in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 7 Service Pack 1 (SP1), and Windows Server 2008 R2 SP1."
[+] [-] FilterSweep|10 years ago|reply
[+] [-] tinfoilman|10 years ago|reply
Never do updates again (which is what I will be doing this evening) and make system perm insecure
Or let MS and the NSA rape me for even more data than they already have
Go [insert abusive word] yourself Microsoft and to think just last week I got a 3rd Windows 7 license because I was planning to stay on 7 long term and not upgrade to 10.
Steam hopefully will push Linux gaming so that I can finally get rid of this crap.
[+] [-] ionised|10 years ago|reply
[+] [-] robogimp|10 years ago|reply
[+] [-] anonbanker|10 years ago|reply
Can we all just be honest with each other and call this behavior an addiction already?
[+] [-] rbx|10 years ago|reply
kb3080149 - "...Telemetry tracking service..." (https://support.microsoft.com/en-us/kb/3080149)
kb3068708 - "...Telemetry tracking service..." (https://support.microsoft.com/en-us/kb/3068708)
kb2976978 - "...performs diagnostics on the Windows systems that participate in the Windows Customer Experience Improvement Program..." (https://support.microsoft.com/en-us/kb/2976978)
kb3021917 - "...Telemetry is sent back to Microsoft..." (https://support.microsoft.com/en-us/kb/3021917)
kb3035583 - "...installs the Get Windows 10 app..." (https://support.microsoft.com/en-us/kb/3035583)
kb2952664 - "...ease the upgrade experience to the latest version of Windows..." (https://support.microsoft.com/en-us/kb/2952664)
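The checks discussed in this thread, gathered into one audit script as an added example (not code posted by any commenter). The KB numbers and descriptions are the ones quoted in the comments above; the service name `DiagTrack` and the `CEIPEnable` registry value are assumptions that do not appear on the page.

```powershell
# Added example, not from the thread. Written to run on PowerShell 2.0,
# which is what ships with Windows 7.

# KB numbers and short descriptions as quoted in the comments above.
$updates = @(
    @('KB3068708', 'Telemetry tracking service'),
    @('KB3075249', 'Telemetry points added to consent.exe (UAC)'),
    @('KB3080149', 'Telemetry tracking service'),
    @('KB2976978', 'Diagnostics for systems participating in CEIP'),
    @('KB3021917', 'Telemetry is sent back to Microsoft'),
    @('KB3035583', 'Installs the Get Windows 10 app'),
    @('KB2952664', 'Eases the upgrade experience')
)

# Get-HotFix compares whole HotFixID values, so a KB number cannot match by
# accident inside some other line of output, as a bare substring search can.
$installed = @{}
Get-HotFix | Where-Object { $_.HotFixID } |
    ForEach-Object { $installed[$_.HotFixID] = $true }

$report = foreach ($u in $updates) {
    New-Object PSObject -Property @{
        KB          = $u[0]
        Description = $u[1]
        Installed   = $installed.ContainsKey($u[0])
    }
}
$report | Select-Object KB, Installed, Description | Format-Table -AutoSize

# Assumption (not stated on the page): the diagnostics tracking service is
# registered under the service name DiagTrack.
$svc = Get-WmiObject Win32_Service -Filter "Name='DiagTrack'"
if ($svc) {
    "DiagTrack: state=$($svc.State) startmode=$($svc.StartMode)"
} else {
    'DiagTrack: service not present'
}

# Assumption (not stated on the page): CEIP participation is stored as the
# CEIPEnable value (1 = participating, 0 = not) under this key.
$key  = 'HKLM:\SOFTWARE\Microsoft\SQMClient\Windows'
$ceip = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).CEIPEnable
if ($null -eq $ceip) {
    'CEIP: no CEIPEnable value found'
} else {
    "CEIP: CEIPEnable=$ceip"
}
```

The script only reads state and changes nothing on the host.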
[+] [-] inevitable2|10 years ago|reply
http://aeronet.cz/news/analyza-windows-10-ve-svem-principu-j...
For those who don't speak Czech:
-It sends all text you type anywhere (not just into search) every 30 minutes to MS. If you type about a holiday to your blog, next day you'll see holiday ads.
-Every 30 minutes it sends your geo-location and network information.
-If you type a telephone number into Edge it sends it to MS after 5 minutes.
-If you type anywhere in Windows a name of some movie, Windows will start indexing all your media files after a while and will send it to MS after 30 minutes of your inactivity.
-After installing W10, it will send about 35MB of data once.
-After turning on your webcam for the first time it sends data to Microsoft once.
-Everything you say is transferred to MS, it works even if you disable and remove and uninstall Cortana. Parts of Cortana are needed for the core of the OS to run.
-Voice is transferred every 15 min, 80MB of data.
-After 15 minutes of your inactivity or when screensaver is on, network activity ramps up and everything else is being sent to MS.
-Blocking in hosts doesn't work, IPs are hardcoded into their code and DLLs.
[+] [-] kardos|10 years ago|reply
What would be even more interesting would be for someone to intercept the spying data that is being sent back so we know for sure what's being sent.
[1] https://news.ycombinator.com/item?id=10053420
[+] [-] Achshar|10 years ago|reply
Anyone know about any good unix distros that won't be too much of a culture shock to someone who has used Windows his entire life?
[+] [-] drzaiusapelord|10 years ago|reply
[+] [-] jgrowl|10 years ago|reply
[+] [-] fiatpandas|10 years ago|reply
This one is really hard to believe. All the others are kind of believable.
>-After 15 minutes of your inactivity or when screensaver is on, network activity ramps up and everything else is being sent to MS.
But what is everything else?
[+] [-] nothis|10 years ago|reply
[+] [-] imaginenore|10 years ago|reply
[+] [-] cakeface|10 years ago|reply
[+] [-] aikah|10 years ago|reply
I sincerely hope it backfires because it's just insane. If MS wants to collect on my hard drive or log my key strokes, it should ask for my approval first and not hide it behind a license.
People are outraged with the AM hack scandal, well nothing guarantees that MS will never be hacked. And when a database like this gets hacked, every Windows user's data will be in the wild. That's just crazy. Is this the "new Microsoft" a lot of HNers like to boast about? Same as the old one.
[+] [-] fiatpandas|10 years ago|reply
[+] [-] marvy|10 years ago|reply
[+] [-] beloch|10 years ago|reply
Microsoft needs to do something convincing to reassure its users or Windows 10 will likely become synonymous with "Big Brother" regardless of what's actually going on.
To reiterate, we're leaving territory in which it would have been reasonable to "do nothing and hope it all blows over". MS needs to respond quickly or they're going to have another dud release on their hands, in spite of giving it away for free.
[+] [-] Navarr|10 years ago|reply
For the kind of people who care about this sort of thing.
Also puts "Scroogle" into perspective.
[+] [-] fataliss|10 years ago|reply
[+] [-] throwaway77632|10 years ago|reply
[+] [-] jimeh|10 years ago|reply
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] SpikedCola|10 years ago|reply
[+] [-] mosselman|10 years ago|reply
[+] [-] minthd|10 years ago|reply
[+] [-] DrNuke|10 years ago|reply