Replies

[T]

That’s a scary but fascinating read. I believe it’s from Gellman’s new book about Snowden called Dark Mirror and there’s another excerpt over at wired which is also worth reading. I can only imagine how frightening it must be to be a target of the state and how difficult it is to protect yourself all the time because you only have to slip up once for attackers to get you and even then it seems all bets are off when it’s state surveillance after you.

https://www.wired.com/story/inside-the-nsas-secret-tool-for-mapping-your-social-network/

• This reply was modified 4 years, 12 months ago by T.
• This reply was modified 4 years, 12 months ago by T.

2 users thanked author for this post.

AlexEiffel, SueW

It reminds me very much of facebook’s weasel apologies over the years when they’ve unrolled one or other privacy busting features and they’re all “we went too far this time” or “this wasn’t in keeping with our core values” while never quite rolling back the privacy invading feature creep to where it was before. I will just not risk installing the zoom client on my machine and finding out down the line that it’s opened up some backdoor port even after the client is uninstalled because on the face of it it appears they are either incompetent when it comes to the tech (advertised as being p2p encrypted but not) or there is a huge communication problem between the pr and tech departments. It’s good they are getting this level of scrutiny due to the finger of fate somehow choosing them as the pandemic streaming app of choice but i am not yet convinced they know what they are doing.

It seems to me your acceptance of something like zoom correlates with your acceptance of things like open mics to massive tech companies in your house, using a data slurping OS like windows 10, putting all your data eggs in one G shaped basket etc. What i mean is, you start accepting those then what’s one more data slurping little gadget, right?

Personally, i’ve not used it and am unlikely to at this point and as a consequence i have isolated myself more than i should have but i just don’t trust them. I refer to bruce schneier on this matter and while they may have slightly improved their privacy and security policies since getting so much bad publicity i still don’t trust them until i’m given a good reason why they deserve it.

https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

That’s interesting to know, i’ll be sure to grab that one.

I’d sort of forgotten about .net updates after win7 fell out of general support because if they’re no longer offered through update i just find them a confusing mess of which ones to download and install, particularly if you go the security only route and not quite fully knowing exactly which framework version i have installed.

1 user thanked author for this post.

Nibbled To Death By Ducks

Microsoft still has not given up and is determined to get that Telemetry everywhere. I really hate it when it does that.

Yup, they are absolutely determined to force it down our throats despite, as susan has pointed out, it being pretty useless for tracking down problems.

After 3 months i’ve dipped back into installing updates using abbodi’s extremely useful ESU bypass script but now i’m not sure whether to skip march or install it and just disable the useless telemetry. I would be extremely wary of the telemetry reporting back to microsoft those who don’t have an ESU licence and revoking the windows activation but maybe i’m being paranoid.

[T]

Oh, does it not? Susan upthread seems to agree that it does. My concern is just what microsoft will do to clamp down on obtaining ESUs for free.

Then again, we’re currently living through a period where so many more people are working from home and win7 still has a huge user base.

• This reply was modified 5 years, 2 months ago by T.

2 users thanked author for this post.

MrChaz, KWGuy

Thank you so much for this, abbodi86. This should tide me over until i figure out what i’m going to do long term, with no option being ideal. However, i am a little concerned implementing it because this violates the EULA and i worry microsoft will start deactivating the product keys of genuine installs and then you’re effectively using a pirate copy. Also, it was my understanding that this workaround had been prevented with the latest SSU.

2 users thanked author for this post.

KWGuy, woody

[T]

Thank you. I have read both the support pages and the blog thread but Microsoft’s support pages aren’t worth the digital paper they’re written on as far as I’m concerned and I could have sworn I read one of woody’s articles stating that the security only rollup didn’t include it so I just wanted some clarity.

The point is though, Microsoft are already gaslighting us when their support pages explicitly state that the adware doesn’t show up until January 15th. No wonder I don’t trust their own documentation.

• This reply was modified 5 years, 5 months ago by T.

[T]

So which nag screen is this? Is it the one included in the recommended update that of course we all avoid installing or is it the one bundled in the December rollup? If it’s the latter then I thought that’s only supposed to be activated from January 15th onwards so if that’s the case then microsoft are again acting with suspicious intent and we should be aware.

Speaking of the nag screen being embedded within the December rollup, can anyone positively confirm the adware is also bundled in the security only rollup?

• This reply was modified 5 years, 5 months ago by T.

[T]

You’d think I’d have learnt this valuable lesson by now but it seems that was the key piece of information I was missing – Microsoft’s belligerence when it comes to supporting anything their users actually want to use that isn’t riddled with ads, cloud (someone else’s computer) features or telemetry. There’s a well known phrase that says ‘if you’re not paying for the product then you are the product’ but increasingly if you do pay for the product then you’re still the product.

• This reply was modified 5 years, 6 months ago by T.

3 users thanked author for this post.

Nibbled To Death By Ducks, Kranium, PrivacyPhreak

I’m not quite sure I follow this; it may be too early to determine the nuts and bolts of this yet but if you’re a business using pro and you push out the security only updates every month does that mean you’re not eligible for extended support unless you use the telemetry infested rollups? Getting extended support was good news but it seems there’s now a massive caveat attached to that.

Yeah, so what you’re saying is we have a Hanlon’s razor situation – “Never attribute to malice that which can be adequately explained by stupidity.”

That sounds about right with these keystone cops bunch.

[T]

Oh yes, that’s always a handy resource for direct links but the file hashes still don’t match those listed on microsoft’s own site so which files, i wonder, are those hashes for? I’m just being overly cautious i guess but when file hashes don’t match one should always be extremely wary installing anything.

• This reply was modified 5 years, 6 months ago by T.

Yet again the file hash for KB4519974 does not match the file hash information listed on the cumulative update page which is infuriating – https://support.microsoft.com/en-us/help/4519974/cumulative-security-update-for-internet-explorer

Furthermore, when you click the link which takes you to the update catalogue it takes you to KB4524135 which is the october 3rd cumulative update! Doesn’t anyone check this stuff?

Of course, the SHA1 file hash matches the filename but filenames can be easily altered so doesn’t instil one with confidence that something hasn’t been tampered with.

Ahh, this makes sense. Thank you.

Yes, i never rush into updating for just this reason and i’m with woody and susan on this, as things stand right now it’s best to hold off until microsoft can decide whether it is actively being exploited and stick to it.