Pages

Thursday, August 27, 2015

Windows 10: Spyware Disguised as an Operating System


by Gaius Publius

If you're like me and work on a Windows-based system, you get these popups from time to time offering to "upgrade" you to Windows 10, Microsoft's latest and greatest, for free. Normally these upgrades cost $100 or so.

Me, I'm still on Windows 7, since like many I consider Windows 8 both half-baked for professional use and a data-suck for entertainment use. About the first, it was clear when Windows 8 first came out that you couldn't do serious work using that "tiles" screen, and the "Desktop" screen was so like Windows 7, why not just stick with Windows 7, which, after the Vista disaster, actually worked?

About the second, it was also clear that almost everything the casual user wanted to do from that "tiles" screen required (or strongly encouraged the use of) a "Microsoft account" — clearly an attempt to jump-start a massive Microsoft database to compete with Steve Jobs' "Apple account" database.

Most large businesses I work with have avoided Windows 8, and most new systems, like the one I'm using now, can even today be bought with Windows 7. In short, Windows 8, like Vista, was a failure. Windows 7 "fixed" Vista. Would Windows 10 "fix" Windows 8?

I decided to find out. And it didn't take long to discover that Windows 10 is not only worse than Windows 8, it is worse in a worse way. It's one thing to install an application that spies on you. It's another when that spyware application you just installed is the operating system, and controls the whole machine.

Is Windows 10 Worth Installing?

The answer is No, if you're asking me. In fact, it's worth never installing. I'd avoid it until the final minute you're forced to change, and even then, you should hesitate to upgrade. Reason? Under its default settings, Windows 10 is widely reported to be spyware, an operating system that watches you work, even offline, and reports back to Microsoft anything it feels like reporting. If you approve the licensing agreement — and how can you use any software without clicking "I Agree"? — you're giving Microsoft permission to collect any data they can get (based on your settings) and share it in any way they want.

Windows 10 is the ultimate privacy violator — an operating system that wants to watch everything you do and send back whatever it finds or figures out about you.

Windows 10: A Microsoft Spy That Runs Your Computer

I have no direct evidence of this, since I've not seen the OS, nor will I ever attempt to install or use it. But the reports are many. Here's one, posted to LinkedIn (a LinkedIn account may be required; my emphasis except where noted):
Windows 10 – Microsoft’s Big Data-grabbing (or spying?) OS

It’s been a couple of weeks since the launch of Windows 10 and the numerous voices raising concerns over privacy and how it uses personal data are not getting any quieter.

Many of the concerns stem from the fact that if users follow the software’s recommendations and stick to default settings while installing their free upgrade, they are effectively giving Microsoft permission to directly monitor pretty much everything they do on their machines. This includes offline activity such as editing files stored locally in private folders on your computer, as well as everything you do online.

It doesn’t stop there, though. As well as monitoring and storing records of this activity, people installing the upgrade are - perhaps unknowingly if like many they have become complacent about reading privacy policies – giving Microsoft permission to share it with unspecified “partners”, for unspecified reasons.

Although the terms and conditions are incredibly vague about why they are doing this, it’s become clear there are several reasons. These include collecting personal data for targeted advertising purposes (by Microsoft or their partners) as well as to gain a deeper understanding of how their products are being put to use by their millions of users.

Privacy in the cloud

Windows 10, running under its default settings, is clearly designed to learn as much about us as it can. The rapid spread of cloud-based software-as-a-service platforms, such as Microsoft’s own Office 365 and Adobe’s Creative Suite, has introduced us all to the idea of software providers gathering data on how we use their products. However integrating this kind of monitoring into the core of the OS (Operating System) takes things to a whole new level. We might have got used to the idea that our activity within the container of a certain program or service is being analysed somewhere, by someone, for some reason. But the fact that this level of scrutiny is now applied to everything we do on our computers is causing many commentators and online security experts to issue warnings.

Even the contents of your emails and documents stored in private, offline folders can be subject to scrutiny and “disclosure” (to unspecified parties), according to the wording of Microsoft’s privacy policies. Of course, it’s quickly become apparent that this is why Microsoft, which has traditionally charged users around $100 to upgrade to the latest version of their OS has, in an uncharacteristic act of generosity, given it away for free. $100 multiplied by the 14 million who updated in the first day alone is clearly a lot of revenue for them to pass up on. However, while the strategical soundness of some of Microsoft’s recent actions have been questioned, this was far from a stupid move on their part. And there’s no such thing as a free lunch. Of course Microsoft want payment for using their services, only this time they are happy to take it in personal data rather than cash.
There's more, including information about the Personal Advertising ID, a unique identifier that will follow you onto any MS system you use, including Xbox:
One new concept users are becoming aware of is the Personal Advertising ID. Every user on every installation of Windows 10 is assigned one of these, and if you use other Microsoft devices such as a phone, tablet or Xbox games console, your data will be scooped up from those too. By default, details on every web site you visit, your physical location, every command you type or speak to the computer and countless other data points are recorded and uploaded to Microsoft. From there, they will be shared with producers of apps you download and give permission to run on your system, as well as advertisers.
And yes, there's even more bad news than that.

Windows 10 Wants to Share Your Wi-Fi Connection with Your Contacts

Here's another intrusion. Windows 10 wants to give users near you access to your Wi-Fi connection. This comes from Krebs on Security (emphasis in original; some links removed so as not to encourage upgrading):
Windows 10 Shares Your Wi-Fi With Contacts

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt to you share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.

This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).

I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads. ...
There's a yes-but noted further in the article — Yes, but you have to opt in on a network-by-network basis. However, as the original writer notes, "many users are conditioned to click 'yes' to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network)."

Here's my yes-but to Microsoft — Yes, but why in god's earth do you want this information in the first place?

The Functionality of "Cortana" Comes With a Privacy Price

"Cortana" is Microsoft's name for its Siri-like "digital assistant." The problem is, to "serve" you better, Cortana learns everything it can about you (my emphasis):
Cortana is a personal digital assistant, a kind of silicon secretary who can help make your life easier. Instead of searching for things you ask Cortana - so if you want to know what the weather forecast is, how many pounds are in a kilo, who's winning the football or when Jim's birthday is, you'll ask and Cortana will give you the answer. ...

Cortana is designed to learn about you and store what matters in her Notebook. That means she'll silence your phone during your favoured quiet times, warn you about travel issues and remind you that your friends owe you money. ...

Cortana won't just listen to you, she'll understand you, and she'll be aware of everything from your location to your personal preferences.

So when you ask her to book a hotel, she'll find the kind of hotel you like in the kind of area you like to stay in at the kind of price you want to pay. If you're in an airport she'll anticipate that you need a boarding card and will have it ready when you unlock your phone.
To disable all that data collection, you apparently have to disable Cortana, though I'm not sure even that will disable the spying — and given Microsoft's history, I would never trust them to tell me the truth anyway.

Edward Snowden's famous PRISM slide. Notice the date of Microsoft's collusion.

There were even stories, unsearchable now, of Microsoft using Windows 3 to spy on its beta-test customers, to read their hard disks and report what it found. I can't verify those stories today, but I can verify that I heard them at the time.

Paying a Price for the iHipster Life

Will the current generation of Steve Jobs–loving, faux-hipster iCool people surrender all that privacy for a little "convenience" and some implied in-crowd self-branding? According to the original article above, 14 million people updated to Windows 10 in the first day alone. At $100 per registration, Microsoft surrendered almost $1.5 billion to get something from them.

What did Microsoft give back? Something like this?

iHipsters working at a control-freak company. Apple's counter-factual self-branding is brilliant (source).

My entirely personal advice? The hipsters are paying a very heavy price. Never use Windows 10 until you know for sure it can never spy on you. And even then give it a second thought. Make Microsoft and the NSA work to find out every fact of your online and offline life.

If they want to know what days you sleep in and why, make them come to the door and ask.

GP

6 comments:

  1. The MS strategy is working. Corral enough users initially into the Win10 stadium to attain default status and then slowly herd the more cautious ones in through a series of compatibility chutes until they're left with just a few mavericks who are too small in number to prevent the coup de grace with a revolt to any alternate platform.

    ReplyDelete
  2. Joe M. Hayes5:36 PM

    Microsoft has experienced its grandest failure ever. Windows 10 renders your computer almost totally useless. We're told before signing on that "if you change your mind" no problem. It's easy to switch back. Not true. I've spoken with several users and NO ONE has the "same switch back" instructions on their screen. No dvd player, no cd player, no copy and paste function, system crashes often when one changes websites. On and on. Hundreds of users have written complaints and I've not found a single answer. Microsoft is guilty of false advertising and more. A class action suit, although difficult, is perhaps the best answer. Joe M. Hayes

    ReplyDelete
  3. Calm down everybody. Turn off Cortana and on the same menu access the privacy settings and turn off as many bi-directional settings as possible. Then, turn your attention to the real culprit--your smart phone--that essentially broadcasts your activities and location in real time for the pleasure of the data monetizers, LEA and NSA alike. It is WAY more difficult to button down your stupid phone (and hardly anybody cares to) than it is with your non-LTE PC.

    ReplyDelete
  4. Everyone can get off the grid of corporate, for-profit computing by installing a free open source Linux operating system. I recommend Linux Mint; Ubuntu is another popular choice. Both operate more or less like Windows or Mac, but all or most of the software you'll need is free and open source and available by download through the operating system's Software Manager. You don't need to be a computer geek these days to go open source. Do a web search for Linux Mint or Ubuntu and check them out. (You can install a Linux system alongside yr current one and check it out in operation before going full open source. I haven't had a Windows or Mac OS on my computers for about six years now and I have no regrets.)

    ReplyDelete
  5. Anonymous11:48 AM

    I recommend Linux Mint, and away windows

    ReplyDelete
  6. Anonymous12:26 PM

    The privacy options in Windows 10 are just for look. Many people have already tested this with packet analyser and even with all of the spyware "turned off", it still sends out data to the mothership.

    On top of this, you cannot control updates unless you're on an enterprise version of Windows 10. This means any changes you make can be easily reverted by Microsoft with a forced, stealth update.

    Windows 10 is pure garbage. I'm sticking with Windows 8.1 Pro (with Classic Shell) until Mint, Ubuntu or SteamOS gains more support. If my CPU supported VT-d, I'd just switch to Mint right now and run Windows in a VM.

    ReplyDelete