Posted on February 16th, 2017 at 17:00 Comment on the AskWoody Lounge
Privacy remains a thorny problem with no clear solution. I, personally, like to have Gmail scan my mail to snag flights. I don’t mind Cortana. My phone tracks everywhere I go. And I constantly use OK Google. So I’m not a poster child for computer privacy. Still, I understand folks who don’t want all of their data fed into a future General Dynamics overlord. Don’t laugh too hard.
A friend just forwarded an email to me from Mozilla (the Firefox people), suggesting that I take a look at a series of five talks put on by WNYC, the big public radio station for New York City.
They have a great hook:
In today’s world, privacy is less about being alone and more about protecting our identities and information. But if we’re all so concerned about protecting our personal data, why do we regularly give it away to apps, marketers, social media and websites?
That’s the privacy paradox. And it’s time to tackle it.
If you’re interested in pursuing the subject, you might want to venture to the Privacy Paradox site. It’s very well put together – and you might change your mind about privacy.
Or maybe not.
Posted on January 16th, 2017 at 06:59 Comment on the AskWoody Lounge
You’ve read about the new Windows 10 Creators Update privacy push – a new setup routine, new questions, new online privacy dashboard. The proposal is so persuasive the government of Switzerland has called off its threatened privacy lawsuit, and even EFF has backed off its original scathing indictment of Windows 10’s assaults on privacy.
Here’s what you need to know about what’s happening – and what isn’t happening – behind the scenes.
InfoWorld Woody on Windows
By the way, there’s a link to a cached Google page in the article that’s been changed. You can see a text version of the original Microsoft post here: http://webcache.googleusercontent.com/search?q=cache:YrpOjHVkC20J:https://support.microsoft.com/en-us/instantanswers/948e1d63-b92d-4d89-a6c3-66d7b7921d15/view-or-delete-browsing-history-in-microsoft-edge&num=1&hl=en&gl=us&strip=1&vwsrc=0
The cached copy shows that on January 12, there was no mention of browser history stored on the web. Compare the new version of the View and delete browser history in Microsoft Edge post with this old (Jan. 12) version
View or delete browsing history in Microsoft Edge
Windows 10 – Windows 10 Mobile
> Your browsing history includes sites you’ve visited, passwords, info you’ve entered into forms, and cookies. Microsoft Edge remembers this info and stores it on your PC as you browse the web.
> To view your browsing history, select the Hub icon , and then History. To delete it, select Clear all history, choose what you want to remove, and then select Clear.
Posted on January 12th, 2017 at 16:29 Comment on the AskWoody Lounge
Posted on October 20th, 2016 at 07:48 Comment on the AskWoody Lounge
If you’re concerned about personal privacy – and you should be – this article will take you back a step and look at a bigger picture.
The focus on loss of privacy from Watson, Cortana, Google, Facebook, DeepMind, and Siri risks us missing an even greater threat
Scary. I really do think the proposed kind of data oversight and regulation will be one of the big battlefields of the coming decade. The credit reporting agencies got a free ride for far too long (don’t get me started). We need to put the same type of assurances in place for all data collection, if it’s used to categorize/vet/pigeon-hole people.
InfoWorld Galen Gruman’s Smart User
Posted on June 20th, 2016 at 09:46 Comment on the AskWoody Lounge
Helluva good question from Brian, in a comment on the Avast post:
In your professional opinion- are we, the public of the world, fighting a loosing battle against Microsoft in trying to keep our Windows 7/8.1 and our private lives in tact?
Here’s my response:
In short, we’re losing the battle to keep our private lives private. It isn’t just Windows. It’s ab-so-lute-ly everything. When you think of the privacy implications of, e.g., face recognition on public-facing cameras, the mind boggles.
People need to figure out their tolerance for snooping. Many of the capabilities people want – say, maps with directions on their phones, or Alexa responding to factual questions, or Google sorting out photos – are only possible if they give up some privacy.
I think one of the great political debates of the coming decade will be about data gathering and retention. Right now, we have some (ineffective) safeguards in place for the credit reporting industry. There are more-effective but still holey safeguards with medical data and credit card info. Some day, people are going to demand details about what data is being gathered about them – they’ll want full reporting, and the ability to delete (or at least challenge) data they don’t like.
Or maybe people don’t care. Maybe the benefits being provided (and there ARE benefits) outweigh the loss of privacy. I don’t claim to have a one-size-fits-all answer to the problem.
As for privacy in Win7/8.1… clearly, Microsoft is trying to retrofit more data gathering into Win7 and 8.1. If you install all of the updates to Win7 or 8.1, they’re going to get more telemetry – more snooping. All of the telemetry between your machine and Microsoft’s big data dump in the sky is encrypted, just as you would want it to be. But that means nobody (outside of a very small handful of people inside Microsoft) knows what’s being collected.
Some of the new telemetry, we’re told, is tied to the Customer Experience Improvement program (CEIP) settings on a computer. Again, we have no way of knowing exactly what gets sent with a CEIP-on computer, vs a CEIP-off computer. We’ve never known what gets sent with CEIP on, which is why I’ve recommended that people turn CEIP off, and I’ve been recommending that since the early days of XP.
Bottom line: Microsoft has published lots of info about how they treat data, how they protect it, how they won’t let it go. You can opt in to certain snooping ways in Win7, 8.1 and 10, or you can opt out. But there’s no hard information about what’s being collected, how it’s being handled, and there are few promises about what will be done with it one, five, ten years down the road.
As for keeping Win7/8.1 on your machine – I haven’t seen any indication that Microsoft is changing the rules of engagement. If you’re using GWX Control Panel, or Never10 – or you’ve flipped the Registry bits manually — I think there’s a very good chance you’ll never get Win10 forced on you. Microsoft’s running out of sticks. Perhaps they’ll finally revert to a primarily-carrot approach.
Almost certainly, Google has more information about you than Microsoft. Almost certainly, every other software manufacturer is trying hard to get more info about you and guide you to more targeted advertising. Apple has just announced a unique approach, but the techniques behind “Differential Privacy” are hotly debated.
It’s a jungle out there. But then, it always has been.
Posted on May 18th, 2016 at 15:39 Comment on the AskWoody Lounge
Good question from CA:
KB3123862 reappeared on one of my machines this afternoon (optional, unchecked). We need to be forever vigilant.
Well, I have to ask — will you be testing the Win 7 “convenience rollup” (AKA SP2) to see if it includes Win 10 nagware. It’s pretty much a given that it’ll include the spyware/telemetry patches (e.g. KB2952664, KB2977759, etc.)
If not, maybe I can find the time next week to build a sacrificial machine and install a clean Win 7 Pro SP1 and then the rollup.
I also have concerns with the monthly rollup patches. Will MS sneak nagware into these? Can we trust MS? The one below looks OK:
May 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
You bet. I’m testing it on many of my Win7 PCs but, more importantly, I’m watching what other people say about the SP2 patch.
It’s obvious that SP2 installs the snooping patches and the ones that are primarily concerned with greasing the update client to make it easier to install Win10. I haven’t been able to check out a completely clean install of Win7 SP2 to see which patches get installed – and I hope somebody comes up with a definitive list, so we can compare.
What surprised me is that SP2 does NOT install KB 3035583. It does NOT install the GWX subsystem.
It’s not clear if my machines were spared because they had GWX Control Panel-set registry settings. But I do know that SP2 did NOT override those settings. Microsoft is playing by its own rules of engagement.
If the snooping patches get installed in their full glory, then people need to make a choice: Do they accept the snooping – realizing that it’s no worse than snooping many of us take for granted nowadays (e.g., by using the Chrome browser, or running a Chromebook, or an Amazon Echo, or a Siri-enabled iPhone or iPad) – or do they accept the fact that they’re sending info to Microsoft and move on?
It’s not an easy question to answer, especially for folks who are accustomed to Microsoft asking for permission to send data to the mother ship. (Remember Dr Watson?) But it’s important, to me, that people make an informed decision. That’s what I’m fighting for.
Posted on March 14th, 2016 at 10:34 Comment on the AskWoody Lounge
I received a very well-considered question from DB:
I just read your article about the forced Windows 10 update on InfoWorld. I also see that you have published other work on Windows 10. I have a question that I have been unable to get answered, even after asking Microsoft directly. I’m hoping you can assist me.
I am a college instructor. As such, I am bound by college policy and federal law to maintain the privacy and security of my students’ personal and educational data. This includes obvious things like their home addresses and phone numbers, but it also includes their grades, communication about missed classes and even which classes they are currently taking.
I use my personal computers to log into my college email, my learning management system (where grades are recorded) and to create my own files for assignments, projects, and general record keeping that is the constant side-task of any teacher. My college runs Windows 7 on campus currently. I have multiple laptops running multiple OSs but I am reluctant to upgrade to Windows 10 because I have not yet been assured that Microsoft will not collect data from my daily usage that could compromise my adherence to FERPA (the HIPAA laws for education).
I’ve read plenty of articles that describe Microsoft’s data collection ranging from benign to outrageous, so I posted directly to their own forums asking if Windows 10 collects data that violates FERPA. I received a response, however the technician seemed to think I was asking about firewalls and malware. Even after restating my question, no response from Microsoft was forthcoming.
I do have access to the enterprise version of Windows 10 and I know some things can be disabled, but then I read something about data still being sent, despite disabling anything and everything to do with this process. Can you help me figure out if I can actually safely and securely use Windows 10 when I am dealing with student data?
Thank you for your time.
I’ve seen lots of evidence that Microsoft is snooping more in Win10 than it was in Win7 — and I’ve seen ancillary evidence that it’s snooping more in Win7 than it used to.But the people who report on the traffic between Windows and Microsoft’s servers suffer from one manifest flaw: They have no idea what’s being sent. Microsoft encrypts the data, and nobody’s been able to decode it.That’s good, mind you. Any harvested data flowing from your computer to the outside world should be encrypted.Even though the data’s going out, I’ve seen no evidence that it’s being misused. And I certainly haven’t seen any evidence that it’s being used in a way that would violate HIPAA (or FERPA).Can I guarantee that Microsoft’s methods don’t break the law? No. But it seems highly unlikely.
Posted on September 29th, 2015 at 08:08 Comment on the AskWoody Lounge
Susan Bradley ran a very straightforward experiment with all of the Windows 10 “phone home” settings turned off. The results may surprise you.
InfoWorld Woody on Windows