News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Cimpanu: The US Govt Accountability Office recommends the US adopt GDPR-like privacy legislation

    Posted on February 17th, 2019 at 07:48 woody Comment on the AskWoody Lounge

    It’s about time.

    Catalin Cimpanu, writing for ZDNet, has some great news:

    An independent report authored by a US government auditing agency has recommended that Congress develop internet data privacy legislation to enhance consumer protections, similar to the EU’s General Data Protection Regulation (GDPR).

    The report (PDF) recommends:

    Congress should consider developing comprehensive legislation on Internet privacy that would enhance consumer protections and provide flexibility to address a rapidly evolving Internet environment. Issues that should be considered include what authorities agencies should have in order to oversee Internet privacy, including appropriate rulemaking authority.

    It’s about time. (Although it looks like the report was published on January 15. First I’ve heard of it.)

  • New, improved privacy in Win10 1803 may not be what you think

    Posted on January 31st, 2018 at 05:32 woody Comment on the AskWoody Lounge

    I’ve been reading the wave of mainstream articles that followed Marisa Rogers’s publication last week of an official Microsoft notice about new privacy features in the next version of Windows.

    Being the skeptic that I am, the articles sounded to me like Microsoft Press Releases bouncing around the blogosphere — long on accolades, short on real-world experience. Sadly, we’re seeing a whole lot of “reporting” like that these days.

    So it heartens me to see a hard-boiled look at the new feature, from my old friend Preston Gralla. In his Computerworld opinion piece Don’t believe Microsoft’s latest privacy hype, Gralla hit it right on the nose:

    Microsoft got plenty of kudos for the new tool. For the company, that was mission accomplished. But it was anything but that for users. The Diagnostic Data Viewer is a tool that only a programmer could love — or understand. Mere mortals, and even plenty of programmers, will be baffled by it, and they won’t gain the slightest understanding of what data Microsoft gathers about them.

    His conclusion:

    Microsoft should change this. It should release a simple-to-use tool that shows in granular detail and in plain English exactly what diagnostic information is being sent to Microsoft. People should then be allowed to opt in or out for every type of diagnostic information that is sent. And everyone should be able to do that, not just those who have a specific version of Windows 10.

    With the EU apparently poised to do some real privacy protection — I’m not talking about the glossy installation switches in Win10 1703 and later, which are all hat and no cattle — the topic’s going to get heated in the next few months.

    If you want to know the real, nitty-gritty story on Win10 privacy — which settings do what, and how it all fits together — take a look at Martin Brinkmann’s The Complete Windows 10 Privacy Guide: Windows 10 Fall Creators Update version. I have a link to it over on the right side of this page.

    That’s the meat. Don’t settle for the sizzle.

  • Privacy, Apple style

    Posted on September 28th, 2017 at 11:12 woody Comment on the AskWoody Lounge

    Apple may be hobbling its advertising revenue by its strict adherence to privacy-friendly policies, but it’s getting a lot of respect at the same time.

    Read about it in Rene Ritchie’s article in iMore:

    Apple, because of its own business model, has no need to persist our data, our behavior, and our relationships on its servers. What’s more, by virtue of the company’s belief in privacy and security, it wants no part of our data. Instead, it encrypts our data end-to-end in transit and purges it as quickly as is practical.

    I’m not saying it’s perfect. I’m saying it sounds better than Google and Microsoft.

  • Google will no longer scan Gmail to serve up personalized ads

    Posted on June 23rd, 2017 at 17:14 woody Comment on the AskWoody Lounge

    It’s a remarkable development. Martin Binkmann at gHacks reports that Google’s giving up on its email scanning.

    Wouldn’t surprise me a bit if EU privacy concerns prompted the move. Whatever the impetus, the result is important. Google stopped scanning email in paid accounts and educational accounts years ago. This is another step in the right direction.

    Far as I know, Microsoft still scans the subject line in free Hotmail/Outlook.com mail accounts.

  • HIPAA compliance using Win10 Enterprise

    Posted on April 14th, 2017 at 06:40 woody Comment on the AskWoody Lounge

    Here’s an excellent article about walking the thin line between modern technology and HIPAA (think: keeping private information private in the US — if that isn’t an oxymoron). From HIPAA One, Steven Marco, Arch Bear, and Markus Muller have put together an insightful analysis. From the introduction:

    In today’s computing environment, record-breaking data breaches (e.g. Premera Blue Cross with 11+ Million members breached in 2015) that include healthcare identity theft have increased by over 20% year-over-year between 2012 and 2014

    1. It is no surprise most of us feel we have lost control of our personal data

    2 . This is especially true in the healthcare industry in the form of data breaches and HIPAA Privacy violations.

    Simultaneously, massive populations of users are fully-embracing new mobile applications to store and share data across platforms. As a result, cloud computing has bridged the gap between consumer devices and sensitive data. Is there a price to pay for our love affair with cloud-based apps and mobile devices?

    As a cloud-based technology user, have you ever wondered about the safeguards protecting your personal and health information? Ever contemplated how modern operating systems like Google Android, Apple iOS and Microsoft Windows 10 access your data to provide cloud
    powered features?

    For example, Siri, the Dragon dictation cloud, Google Voice search and Docs all send voice recordings to the cloud and back while other built-in OS features share contacts between apps. How do these cloud-powered features impact these risks?

    If a medical facility utilizes voice-to-text technology (e.g. by saying “Hey Cortana”, “Siri” “OK Google”, or “Alexa”) to dictate notes about a patient, that information is automatically exchanged with the cloud. Without a business associate agreement, that medical facility could
    face a HIPAA violation. How do we combine the past 30 years of email-use, file and print sharing with today’s cloud-enabled apps securely?

    These questions and concerns are currently top-of-mind for IT and legal professionals responsible for managing electronic Protected Health Information (ePHI) while ensuring and maintaining HIPAA compliance. In light of the recent focus on HIPAA enforcement actions, hospitals, clinics, healthcare clearinghouses and business associates are trying to understand how to manage modern operating systems with cloud features to meet HIPAA regulatory mandates. Additionally, many of these healthcare organizations are under pressure to broadly embrace the benefits of cloud computing.

    Microsoft has invested heavily in security and privacy technologies to mitigate today’s threats.

    Lounger zero2dash, who posted the original link to this story, says:

    They configured the heck out of 10 AU Enterprise to not phone home, and it did it anyway. Very interesting to see all the settings they tweaked in GP but still saw all the traffic going to MS.

    Having to deal with PCI Compliance is bad enough for me; I’m glad I don’t have to try to keep our environment HIPAA compliant.

    Well worth reading (PDF).

     

  • Microsoft’s newfound telemetry transparency with 1,966 basic data points

    Posted on April 5th, 2017 at 15:47 woody Comment on the AskWoody Lounge

    Even on the “Basic” setting, Win10 Creators Update still sends 1,966 individual pieces of data to the Microsoft mother ship.

    At least, now we have some documentation.

    InfoWorld Woody on Windows

  • Microsoft coming (a little bit) clean on its telemetry settings for Win10 Creators Update

    Posted on April 5th, 2017 at 09:12 woody Comment on the AskWoody Lounge

    I’ll have more as I get a chance to step through the details, but the post this morning from Brian Lich is a decided step in the right direction.

    Version 1703 diagnostic data

    Version 1703 basic level Windows diagnostic events and fields

    Version 1703 installation privacy settings

    That latter article duplicates some info that we’ve known for quite a while. See the info I posted earlier in 5 Fatal flaws that dog the new Windows 10.

    Thx to Peter Bright at Ars Technica.

  • Mozilla-sponsored “Privacy Paradox: Note to self”

    Posted on February 16th, 2017 at 17:00 woody Comment on the AskWoody Lounge

    Privacy remains a thorny problem with no clear solution. I, personally, like to have Gmail scan my mail to snag flights. I don’t mind Cortana. My phone tracks everywhere I go. And I constantly use OK Google. So I’m not a poster child for computer privacy. Still, I understand folks who don’t want all of their data fed into a future General Dynamics overlord. Don’t laugh too hard.

    A friend just forwarded an email to me from Mozilla (the Firefox people), suggesting that I take a look at a series of five talks put on by WNYC, the big public radio station for New York City.

    They have a great hook:

    In today’s world, privacy is less about being alone and more about protecting our identities and information. But if we’re all so concerned about protecting our personal data, why do we regularly give it away to apps, marketers, social media and websites?

    That’s the privacy paradox. And it’s time to tackle it.

    If you’re interested in pursuing the subject, you might want to venture to the Privacy Paradox site. It’s very well put together – and you might change your mind about privacy.

    Or maybe not.