205 comments

[ 2.6 ms ] story [ 211 ms ] thread
> The company said updates to Windows 10 are a choice, not a requirement,

I guess tell that to all the non-technical people who saw the options to dismiss dialogs dwindle down to [OK].

Not to mention those who fell for the no-means-yes close button (which violated MS's own UI guidelines).
Agreed, that was really bad, and there should be repercussions ...

However, I've updated half a dozen PCs to Windows 10, including two on the last day. One of those was my wife's, and she has no technical expertise at all.

What I can say for certain is that I have never seen a forced update, and I have never been able to install Windows 10 without agreeing to the EULA.

It was a notification dialog, not an action dialog:

http://core0.staticworld.net/images/article/2016/05/gwx-new-...

it wasn't a notification, it was DOING something.
It's a notification that something will happen later -- like all notifications.

Look, Microsoft pushing Windows 10 upgrades is really annoying but that doesn't mean one has the skew the facts to make it seem worse than it is. It took me many clicks to install Windows 10 despite being nagged about it for 12 months.

The funniest phrase there is "Over 300 million people have already upgraded" --- whether or not they actually wanted to is not mentioned. It reminds me of early 2000s spyware which had similar phrasing: "X people have already installed SuperAwesomeWebToolbar, what are you waiting for?"
Probably settlement for these lawsuits will cost Microsoft a lot less than people not upgrading. The strategy worked.
Then again, these lawsuits probably do more damage by perpetuating the negative publicity around Windows 10 than through any direct financial impact they might have.

Now that the free upgrade period for Windows 10 has run out, and it's clear that large numbers of people didn't want Microsoft's latest product or buy into its everything-cloudy vision even though they were literally giving the OS away and heavily promoting the whole strategy, it will be interesting to see what they try next.

Yeah, but the executives already got their bonuses for many years. If the campaign is a monetary failure for the company, they will just clean house and hire a new batch of execs who will blame all the problems on the prior group so that they get their bonuses. Everyone wins, except the user.
The problem is, people have to upgrade. And for the most part, they have to upgrade to something Windows. So if Windows 10 is their only choice, they have to do it, bad publicity or not. Windows XP support is done, Windows 7 mainstream support ended last year and all support runs out in four years. Unless Windows 11 comes out by then and is not controversial, 10 is the only choice.

Sure, some people could move to Linux, but it's unfamiliar and fairly unpopular, and a lot of people would rather have some familiarity and popularity to help troubleshoot rather than zero. Some people could move to macOS, which is more reasonable since it's more popular, unless they have software that needs Windows. The big issue there is, I hardly see anyone with an ultrabook or a high end desktop (that isn't being used for gaming). Windows users are used to cheaper computers, and a Macbook might be out of their price range.

So for everyone who doesn't have the technical support options for Linux and doesn't have the budget for a Macbook or iMac, they're stuck with Windows. And someday they will have to upgrade, like it or not. Bad press doesn't really hurt Windows in the long run.

> Unless Windows 11 comes out by then

I agree with your points, However, the chance of Windows coming out is zero, unless you think Microsoft could simply rename Windows 10 to 11.

There is no team inside Microsoft working on Windows 11, as far as I can tell. The Windows team is working on improved versions of Windows 10, which seem to be appearing twice a year at the moment.

Any reader from the Windows team is, of course, welcome to comment ;-)

I thought I had read recently that Microsoft is not going to continue with the incremental release numbers. If anything, they'll probably just drop the version number, call it "Windows OS" and have an Arch-like rolling release strategy.
They have build numbers for the test rings. Otherwise, they've used names and numbers for new releases. The last one was November's Fall Update, version 1511 (from the date) and the next one is August 2's Anniversary Update.

Either way, the naming is essentially arbitrary, so they can change it however they like. The same Windows code, which has a long history, is going to continue into the foreseeable future...

Sorry, terrible typo, or braino. Instead of "the chance of Windows coming out is zero", please read "the chance of Windows 11 coming out is zero".
The problem is, people have to upgrade.

Eventually, yes, but not any time soon and not necessarily to Windows 10.

Our standard in my businesses (which are relatively small and in tech industries) is still Windows 7. We don't consider Windows 10 a viable option because of the forced updates and telemetry issues, so we'd be looking at alternative platforms if Microsoft decided to dig in. As things stand, neither of those situations looks like changing any time soon; I'm guessing we're not alone, since all of our suppliers still seem to assume Windows 7 by default on new machines, so it will be interesting to see how the likes of Dell put pressure on MS to deliver something they can sell at Windows 7 nears EOL.

In our case, Apple gear would be the most obvious switch today. It has viable alternatives for most of the software we need in most areas, and crucially, it already has much better options in some of areas that aren't available on Windows. The hardware itself is relatively expensive, but it's far less expensive than making the wrong choice of platform and a lot of the applications themselves are cheaper, so it's well inside the "acceptable business expense" range.

Our view is that going cloud-everything isn't the way forward for us, so we're not particularly interested in those kinds of alternatives. Other businesses will presumably have different needs and priorities, though, and certainly the cloud-based offerings are becoming more competitive with traditional desktop software in a lot of areas for those who can meet their requirements that way and tolerate the disadvantages. If you can move your essential business software to something Web-enabled then it doesn't matter what OS you're running, or potentially even what type of device you're using.

And of course if MS do leave a huge vacuum in the mainstream desktop/laptop OS category, someone will surely move to fill it, because there's still an awful lot of money to be made there. I doubt it would be anything like any of the current Linux or BSD distributions, but as we've seen with OS X, Android, SteamOS and others, you can build a lot on top of those platforms with enough resources in the length of time we're talking about here, and certainly there are several heavyweights in tech today who have those resources if they choose to make a move.

So you might be right about people having to upgrade eventually, but I think there are likely to be a lot more viable options by that time than you're allowing for here.

You're exactly right, these are the thoughts that are going through everyone's head. The same thoughts we all had when moving from Windows XP when Vista was the replacement and no one really liked it. Companies I worked with stayed on XP until they literally had no other choice, and then reluctantly moved to Windows 7.

One of the biggest features of Windows in the small-medium business and even enterprise markets is backwards compatibility. If you're willing/able to give that up, you are free to switch anywhere. If you can't, you can't. You have to stick with Windows. I work at a major tech company and all of our laptops are Linux. But we also have Windows VMs because we're all required to run Microsoft Office. We're switching to Macs because we can run a non-Windows system but still have Office (with the exception of Visio, unfortunately).

"A lot more viable options" exist, except when you need Windows software. In which case, no more viable options will ever exist until a new version of Windows is released. The more likely outcome is Microsoft pushing Windows 10 Enterprise a little harder.

I'm not sure the XP/7 situation is a good comparison for 7/10 though. In the former case, the main concern was incompatibilities and the general time and money costs of a large-scale software migration. In the latter case, you have the same issues, but on top of those there are compelling reasons not to move to 10 for some organisations. It's not a case of delaying the move as long as possible to avoid incurring the overheads; they actively don't want to make that move at all.

I agree about the importance of backward compatibility for Windows itself, but I think compatibility is becoming less compelling as a reason for businesses to stay with Windows. The dangers of lock-in are well understood and a lot of businesses have been changing their IT strategies accordingly for a long time.

For example, in the era of XP to 7 transitions a decade or so ago, Office was the de facto standard format for exchanging most information within and between businesses. Today a wide range of online services are used for communication, and the tools for importing and exporting Office files from other software are now adequate for many purposes, and it's unlikely either of those trends will have reversed by 2020 when 7 runs out of support.

As of today, my own businesses have only a couple of Windows-only applications left that we rely on for anything fundamental. They are also the biggest pain points in our whole software infrastructure, also supplied by huge developers that have been moving in customer-hostile directions in recent years, and they are also starting to face serious competition from other applications on other platforms. Whether shifting away from Windows forces us to drop those few remaining Windows-only applications or dropping the applications removes the remaining incentives to stay on Windows first, I fully expect that by 2020 we won't be sorry to see any of them go.

>...it will be interesting to see what they try next.

It seems clear to me they've had the meetings and made the decision to ram Win10 down user's throats come hell or high water. They've given no indication that they regret the Win10 hard-sell or that it was any kind of mistake or misstep. On the contrary, they have doubled-down on the strategy and dismissed all objections along the way. The misuse of the red X to mean "OK" instead of "No" or "Cancel", breaking Windows Update so you could not block or hide the GWX are clear signs of their intent.

Win10 is the core of Microsoft's strategy to compete with Apple and Google. They want to become a marketing company and Windows 10 OS [Operating Spyware] is key to their long-term strategy. They want to shutdown support for all the remaining operating systems and push everyone onto Win10 as quickly as possible. The strategy is further revealed by their announcement that Cortana (and its associated collection of personal data and tracking) cannot be turned off in all but the Enterprise or Education versions of Win10, neither of which will be generally available.

My view is that this strategy will backfire. Win10 is not going to be installed in any business that needs high data security either for operations or regulatory requirements like HIPPA or the SEC, etc. The vast number of companies currently using Win7 aren't going to move to Win10 unless Microsoft reveals the scope of the spying and provides tools to shut it off without buying the Enterprise version. Everything will come to a head in 2020 when Win7 support is slated to end. At that point, I am planning on moving to Linux and I don't think I am alone. But what I do is irrelevant to Microsoft (essentially a consumer user of Windows) but what the installed base of business users of Windows choose to do will determine the future of Windows. It will be interesting to see who blinks first.

Consumers can also choose to be spied by Apple or Google instead.
Some people are down voting you but this is true. What is different about Microsoft is they are changing the terms of the relationship with Windows 10 whereas with Apple and Google it was always like this.
I think the down votes are because you could install Linux instead. Which is not owned by Apple or Google.
Assuming it has the desktop software people are used to, or that is able to have as much battery life without using powertop, or plug int any foreign beamer with a randr incantation.

Or that the distribution owners don't decide, just because, to replace a WiFi driver because of evil Broadcom and leave Ubuntu users 6 months without proper WiFi support until the open source driver catches up in features.

This happened a few years ago, just check the Ubuntu forums for the not so happy users comments.

I think you're right that they're doubling down, but I've also argued similarly to you that 2020 is going to be crunch time and their current strategy isn't working.

My suspicion is that investors are going to get nervous well before then, though, because if 10 is still looking like another Vista/8 then the strategy isn't going to work and Microsoft is at a serious risk of losing its market dominance no matter what else is going on. They would need new leadership in place in time to produce an acceptable alternative for the other half of the market before the end of Win7 support forces those people and organisations to make the hard decisions, very possibly at Microsoft's expense.

As of the cut-off this week it isn't looking like the "get everyone onto 10" strategy has worked so far, so my guess is Nadella has to come up with something new by probably next summer or he's done. It wouldn't surprise me if plan B has been in the works for some time and is announced in their next quarterly update, along with a positive spin on Windows 10 results that will objectively still show that roughly half their market didn't move to 10 even when they literally gave it away. I have no idea what sort of plan B would fit with Nadella's overall vision, though, and it also wouldn't surprise me if they keep doubling down on 10 and the cloud strategy.

I think Nadella has probably explained his long-term strategy to the board clearly and that it might take a while, even past 2020, so his job is not at risk. I agree that 2020 will be a critical year because companies will have to decide to stick with the Microsoft latest system, move to something else or keep Win7 running securely without MS help. If MS loses market share they are still going to continue to dominate the market for a long time and leveraging user personal info is "where its at" today in tech companies, i.e. the future, so no one is going to panic. The era of licensed software is ending (its now a service) and its clear with the success of marketing companies like Google and Apple that the biggest players will be marketing companies not technology companies. Microsoft is playing catch up hence the heavy-handed push for Win10.

I disagree that Win10 is a failure like Vista or Win8. I like Win10, I think it is better than Win7 (which I like a lot) and would upgrade in a second if Microsoft was more transparent on what data is being sent home under the rubic "telemetry" and they allowed me the ability to block or turn this off if I don't want to participate. The EU is already questioning the privacy concerns of Win10 and it seems likely that the US anti-trust division isn't going to stand around and do nothing. I am afraid that this time the Justice Department will break Microsoft up into separate companies due to their "unfair" advantage if they continue down this path.[1]

[1] Not a fan of the anti-trust laws, I think they are too undefined to follow ex ante and are used for political prosecutions ex post but this is the current legal status of the country.

I'm sure the board is behind Nadella's strategy. It was pretty obvious what they were going to get when they appointed him, and no-one could say he hasn't followed through on the vision.

It's the investors that will force the issue if anyone does, IMHO. Yes, often investors just follow the patterns and trends because that's where the money usually goes as well, but if Microsoft have any major institutional investors that are looking a bit deeper, I could see meaningful concerns being raised if the picture isn't looking a bit more healthy by 2-3 years before the Win 7 "deadline" arrives. If those concerns aren't then robustly addressed, I could see shareholders forcing through a change of leadership and strategy.

As for what constitutes success for 10, it's hard to say objectively, but I suspect it will always be held back as long as the telemetry and forced update concerns persist. There's a certain part of the market -- apparently quite a substantial part, though it's hard to gauge exactly how much -- that really, really doesn't like those things. Given that 10 seems decent enough in most other respects and it does have some potentially useful incremental improvements over its predecessors even if it lacks any really compelling selling points, it seems like Microsoft could make the bad PR go away almost overnight if they just reverted to their traditional strategy by giving control back to their customers and being transparent and less greedy about the data collection.

However, this brings me back to the question of the new business strategy, because it seems shifting control and data back to Microsoft's hands are basically the things Nadella is all about. If customer resistance to that strategy is what is holding back more widespread adoption of 10 and limiting Microsoft's future potential, that doesn't look good for the current leadership team.

> They want to shutdown support for all the remaining operating systems and push everyone onto Win10 as quickly as possible.

They want to move everyone to Windows 10. This does not involve shutting down support for anything else. The support periods are published a long time ahead, and as you say yourself, Windows 7 will be supported until 2020.

> Win10 is not going to be installed in any business that needs high data security either for operations or regulatory requirements like HIPPA or the SEC, etc.

You appear to have missed the fact that the US Defense Department has already starting moving four million users to Windows 10 precisely because of the advanced security. I know banks and other organizations that are moving, too.

DoD-Wide Windows 10 Rapid Deployment to Boost Cybersecurity By Cheryl Pellerin DoD News, Defense Media Activity http://www.defense.gov/-News-Article-View/Article/688721/dod...

Enterprise windows is probably much, much better than the retail version in that admins have an incredible amount of control through GPOs and the like, including turning off many features that we dislike. That does not mean that it doesnt require a lot of work. And, we the little guys still get stuck with the retail version that makes it difficult to turn all of these options off in a central location with clear settings.
Yes, they are much better and yes, you control things via GPOs. See https://technet.microsoft.com/en-us/library/mt577208%28v=vs....

> retail version that makes it difficult to turn all of these options off in a central location with clear settings.

Just type privacy in the search box and go to the central location that has very clear settings. It's called "Privacy settings".

It takes a minute or two, but it's not actually hard. (I'm now sorry I didn't time myself doing it.)

It also provides excellent control over which apps can use your camera and microphone, and you can block all of them.

You can go to "Speech, inking and typing" and click the button that says "Stop getting to know me" to turn off personalization. That page also has a link to privacy statements and a link to take you to Bing where you can delete any personalization info that has already been stored.

It looks pretty clear to me. I'd also be interested if you can explain how this is any harder in Windows 10 than it is in Android or iOS.

I agree with eximius and would add that special versions (or treatment) available to the DoD, banks and other large orgs who have clout is clearly not what I was talking about. Also, my point with Win7 is the that, unlike WinXP, the termination date will not be extended by Microsoft regardless of the outcry. They view that as a mistake and its is counter to their new strategy of the OS as a marketing platform.
> special versions (or treatment) available to the DoD, banks and other large orgs who have clout is clearly not what I was talking about

What you said was:

> Win10 is not going to be installed in any business that needs high data security either for operations or regulatory requirements like HIPPA or the SEC, etc.

How on earth do you think you were not talking about "the DoD, banks and other large orgs"?

If you're only talking about consumer versions of Windows 10, what is the point of mentioning HIPAA (it's not HIPPA) and the SEC? ;-)

My points are clear to anyone trying to understand me.
I understood you perfectly well. I was just pointing out one of the obvious mistakes.
So you are admitting that you are dishonest prick?
Nope. I think you should look in a mirror. Either way, that's not an appropriate comment in this forum.
You seem to think that your relentless M$ advocacy in this thread will benefit them from a public relations standpoint. Frankly after reading all your comments that seems unlikely.
One man's "relentless advocacy" is another man's "telling the truth". I take it you'd prefer things that are not true to go unchallenged?

By the way, the use of "M$" is childish and usually marks out 1990s bigots. It's not a good look.

"M$" is childish and usually marks out 1990s bigots

When you walk around with a big red button on your forehead, you've got to expect people to press it.

Even more childish that I thought....
It's safe to say that whatever worries the DoD may have about Windows 10 are going to be readily addressed by MS but most people/businesses won't have that luxury.
> Win10 is not going to be installed in any business that needs high data security either for operations or regulatory requirements like HIPPA or the SEC, etc.

Nah, I have worked with HIPAA compliant businesses before and as long as the data MS collects isn't (demonstrably) leaked to malevolent third parties they won't care. They upgrade to whatever MS tells them to upgrade and these kind of OS issues aren't discussed at all. They care about the privacy of the information they deal with directly but whatever the OS does under the hood it's assumed to be proper.

I wouldn't be so blase. First, that was all true BEFORE Microsoft made Windows a marketing platform so all bets are off now. Also, that decision (what is safe and not safe) is not up to the regulated business to make, its up to the regulators. If you have not worked in a highly regulated business you can't know what this means in terms of arbitrary and unnecessary rulings and requirements imposed on a business, regardless of whether they make any sense. Moreover, for the first 10 years of its existence, HIPAA was a homeless step-child in the Federal government but fairly recently (5 years?) it found a enforcement home (and more importantly, a budget) in the Health and Human Services department. They are now building their budget and have developed their enforcement strategy that started with big insurance companies and large PPO/HMOs (you may have heard of some big cases in the news). HHS's plan is to ultimately push enforcement all the way down to the practice level.

FYI, most IT companies don't know this but back in 2012 or 2013 the new HIPAA enforcement division issued a decree that HIPAA applies directly to any IT companies that service organizations that handle personal health data. Prior to that proclamation I was operating under a signed declaration with my clients that my business was not responsible for HIPAA enforcement or violations (I just fixed the computers). That method of limiting my exposure and liability, according to my lawyer, was no longer feasible and I could be hit directly with HIPAA violations and fines and they required onerous documentation and procedures when dealing with PHI. At that point, at significant cut to my income, I dropped all my healthcare/medical clients.

In the long run the regulatory agencies are captured by the regulated business and the requirements imposed are fairly sensible but by my guess is that we are at least a decade away from that regarding HIPAA especially considering its only now starting to be enforced with audits and fines.

I wasn't suggesting that HIPAA compliant businesses were "blase" about data protection, just that (like many other businesses) they place way too much faith in Microsoft, sometimes sidestepping important and legitimate debates about their OS and where it's going.
What I find most appalling about Windows 10 is the draconian "default install" options. Seriously, how did having a key logger as the default option get through privacy review? Also desktop ad tracking?

I said no to three solid screens full of what I consider to be highly privacy infringing settings on install, all of which were on by default if you didn't do a "custom install."

There is no keylogger in Windows 10.

Also, you can change all the privacy defaults later. Windows 10 provides a lot of privacy controls, so I actually prefer to do it that way.

Update: thanks for the downvotes, redditors ;-)

I think this is in reference to the setting that says (paraphrasing) "Send samples of my typing to Microsoft so Windows can offer better suggestions as I type."

If you don't disable this in a "custom" install, or later in the system settings, it's on.

A keylogger is a surveillance tool that collects every keystroke on a PC and sends it to a remote location without your knowledge.

On that (correct) definition, Windows 10 doesn't contain a keylogger.

UPDATE: First, it doesn't collect every keystroke. Second, it doesn't send every keystroke to Microsoft. It generates information for personalization purposes, some of which is stored locally on your own PC, and some of which is stored online where you can delete it at https://www.bing.com/account/personalization

Note: downvotes don't change the reality. If you can't handle truth, that's your problem.

For most people you just have to remove "every" from the definition. I don't think they are aware of what's happening.

That and Microsoft can probably turn it in a real keylogger if they want/have to but it's speculation

So could Google or Apple on any of their devices.

The point is that people are mis-using the word keylogger, either because they really don't understand what's happening, or as a device for scaring people. Neither is satisfactory, especially not on HN.

It has some qualities of keylogger software and that's the implied context. It may not be and probably isn't a variant of what would one think as classical keylogger (but what do we know, they say they collect keys without explaining at all how they are processed before they are sent) but if it sends every second or every third keystroke or if it sends poorly aggregated statistics that still leak usable entropy in Shannonian sense then that software could rightfully be said to mimic a keylogger.
Think of it this way: Microsoft isn't interested in individual cars, or their occupants, it's interested in traffic flows, and especially in crashes. It's dealing with anonymized, aggregated data, and the dashboards that Microsoft programmers can access look much like Google Analytics.

Microsoft wants to know how often people use, say, Notepad, but it has no interest at all in what you write in it.

They're doing that to improve the product, in exactly the same was as Google does with Gmail or Facebook does, though I think Windows 10 is a much lower privacy risk than those.

Personalization is another step, and you can turn it off. Every major voice recognition and handwriting program has always done this: they create templates (or whatever) that enable them to work better for specific users. Most of that info is held locally anyway.

None of this is remotely like a traditional keylogger.

> Microsoft isn't interested

Who knows what's on Microsoft's mind. They are burning bridges by including ads in Windows, by that alone they are (mildly) evil or insane so appeals to what Microsoft wants or is interested in loses meaning because they aren't acting completely rationally.

> It's dealing with anonymized, aggregated data

Even if I trusted them to not act maliciously I can't trust them to be competent, and there's plenty of historical evidence for that. Either they spew how they aggregate data or I don't trust them for the already mentioned reasons.

> you can turn it off.

Informed consent is the keyword. They didn't get it for arguably very invasive behavior many informed people would object to. I shouldn't be flying around turning three pages of settings off on my relatives' computers because Windows 10 installed itself or explain lengthily why turning certain settings isn't necessarily in their best interest, that's Microsoft's job and they failed at it.

"Keylogger" may be a little bit of an inflammatory way to put it, but it gets the point across: Windows sends an unspecified selection of your keyboard inputs to Microsoft's servers, and it doesn't inform you what it's sending or when it's sending it. If you want to language-lawyer it, fine. Calling that property of Windows 10 something different doesn't change what Microsoft's doing, and it doesn't make me like it any more. That is the point. Missing the point is why you're being downvoted.
I'm not missing the point. Calling it a "keylogger" isn't just inflammatory, it's wrong.

Being upset about what Windows 10 actually does is fair enough -- I understand that not everyone wants things like telemetry and personalization (or maybe just not on Windows). It's not an excuse for claiming it does things that it doesn't do.

Does it log keystrokes and send them somewhere?
No.

What would Microsoft do with billions of keystrokes from approaching 1.5 billion PCs? Especially since most of those keystrokes are probably Solitaire or GTA or some other game, or else they're from email or social networking (where somebody else has far more interest in your keystrokes).

In any case, running a real keylogger in Windows would be a magnet for the NSA and similar services, which would end up being far more trouble than it was worth....

(comment deleted)
>> Does it log keystrokes and send them somewhere?

> No.

Then you should say "It's not a keylogger because it doesn't send keystrokes anywhere". Not fuss about whether the definition of keylogger requires capturing every key.

But please explain how "send samples of my typing" does not involve sending keystrokes.

Suppose Microsoft wanted to analyze some pretty interesting parameters of typing -

- frequency of different keystrokes

- frequency of keystrokes as a function of the preceeding 1, 2 or 3 keystrokes

- mean delay between any set of keystroke pairs

- standard deviation of delay between any set of keystroke pairs

Would you be able to design a system to collect this information that would not allow reproduction of any particular sentence typed by a user?

Would you be able to design a system that collects this information locally, creates the probability matrixes and sends them to Microsoft without sending the keystrokes themselves?

The proposed system above is almost trival to build, and yields significant and useful information that Microsoft would be interested in collecting.

I am not an expert in this area, nor am I clear that the above is what Microsoft is doing; but it is what I would imagine they want built, and it seems to be a pretty legitimate way to collect information without exposing the user to an actual keylogger and avoids most of the security issues that such a thing entails.

We don't know how it works. Why wouldn't Microsoft explain exactly what is sent and make it inspectable.

> frequency of keystrokes as a function of the preceeding 1, 2 or 3 keystrokes

Sequence that's unusual in a language and has reported frequency that's above what you'd expect from errors will probably be part of recurrently entered password. Depending on how stupidly the telemetry is done this could be leaking significant amounts of data for certain users. Did random poorly informed user agree to this? Probably not.

> Why wouldn't Microsoft explain exactly what is sent and make it inspectable.

I agree with you: I think it should.

I also think we should get the same info for Android and iOS as well, but we don't. Further, what about the massive amount of telemetry built into online services such as Gmail and Facebook? Again, there is only silence....

By the way, I think that the typing stuff is only relevant to on-screen keyboards, where Microsoft does a huge amount of tricky stuff to make text entry more accurate. [0]

Windows 10 obviously has a built-in touch keyboard....

[0] https://blogs.windows.com/windowsexperience/2012/12/06/the-s...

Although that's about Windows Phone, Windows 10 is a mobile operating system designed to merge the PC, phone and Xbox platforms.

> I also think we should get the same info for Android and iOS as well

Don't derail. What's going on there is travesty as well, doesn't mean that Microsoft should get a license to break established practice on PC compatibles if Apple and Google decided to take a dump on phones.

> Further, what about the massive amount of telemetry built into online services such as Gmail and Facebook?

They are services, they can't not touch information, when you use these services it's implied that data is processed by them (unless there's some very fancy client side encryption that almost nobody use) and you implicitly agree to it.

> I think that the typing stuff is only

More interesting to wider audiences would be what you can prove. Why wouldn't Microsoft be more specific, why wouldn't they publish exactly how everything is processed if everything was really beyond reproach as I believe you suspect.

It's not a derail. I've already pointed out that Windows 10 is a converged mobile operating system, and some of its features come directly from Windows Phone (Cortana, Notifications etc). It has a lot of characteristics in common with iOS and Android, and together they illustrate a common problem.

Nobody is going to turn the clock back for you. If you don't want a cloud-supported mobile operating system delivered as a service and supported by an app store, then you should stop using Windows 10. Your choice. Nobody will mind.

Or you can use Windows until 2020, but remember, that now has telemetry as well.....

> cloud-supported

Is a nice word for invasive to poorly informed people. Just because it's trendy (or "modern") doesn't mean that it isn't ostensibly bad.

> Your choice.

It's my choice and Microsoft has every right to crap on their users (if they obtain informed consent, which is again very much arguable). I'll have to sell relatives on switching to Linux and I'd prefer if I didn't have to do that. Lastly, that's beyond just my choice, Microsoft is setting dangerous precedents on x86 platform.

It's cloud-supported in the same way as iOS and Android. In your terms, those are also crapping on their users (Android even more so), but sales of iOS and Android devices seem to be pretty healthy to me.

The whole world is moving to mobile OS's, so why on earth would you think that Microsoft wouldn't go the same way?

There's always Linux for the 2% who care.

> but sales of iOS and Android devices seem to be pretty healthy to me.

Doesn't mean they aren't bad. You are trying; please don't be a walking logical fallacy. E.g. Windows's security story isn't admirable, to say the least, even though sales are healthy as well and have been historically. Sales doesn't indicate informed consent. Consumers buy what WE peddle them. Some people managed to push them invasive tech and I'm sure many would prefer other options if they could have them and were informed of them. But between iOS and Android there is little choice. Still doesn't mean that because people were pushed to badly designed software on phones that this is excuse good enough to push it on PCs.

Capitalism in action. Good luck with that....
By that definition HN is a keylogger...
The difference is that the implicit contract is that HN is getting the keystrokes that I submit while this textbox has focus, like this text, but not when it doesn't, like the entire source to the death star that I just typed out after clicking outside this textbox.

The contract that you opt-into and on-by-default on W10 indicates that if I clicked the desktop and proceeded to type the entire source to the death star, there is a possibility that all or part of those keystrokes would get sent to MS and possibly stored, even though I had no intention of communicating or transmitting that information.

(comment deleted)
HN does not collect keystrokes, I typed a word here "" erased it and that information was not sent to HN.
And if you typed that comment on Windows 10, would Microsoft know what word you typed?
No.
How else do you expect "as I type" to work? Do you think the OS is reading your mind so it knows ahead of time what your going to erase?
Yes, "offer better suggestions as I type" only works if you send information without waiting for a conformation."

Now, this is not necessarily evil behavior. Analyzing things without conformation is how auto complete works. The question is it ok for Windows to do this as a default without making it clear that's the goal?

Honestly, my fear is MS believes they have already lost the war due to Android and iOS being so dominate in other form factors. So, their goal is to extract as much money from people as possible even if they never buy another copy of windows again. For that to work they need to be selling something to third party's.

So if I have malware that records my keystrokes in all programs outside of the start menu, and sends them home secretly, that's not a keylogger, because it's not every keystroke?

It is not good that you're calling people out as having problems and being below the level of discourse expected on HN just because their definition of keylogger includes programs that only log the keys used in other programs part of the time. That you won't acknowledge any chance that your definition isn't the best one.

A software that only collects half of the keystrokes is still a keylogger in my book.
This is true for android too. I think most people don't care. I've certainly given up trying to get my father to care about all this.
Being confused is not particularly useful. One of those articles is old and the other mainly has a sensational headline. There's no evidence in the text that the writer knows what a keylogger is, but he does say "Click Turn Off and you’ll be free from the watchful eye of your own PC". He doesn't say "Click Turn Off and you’ll avoid having all your keystrokes stored on a Microsoft server."

In passing, yes, there was a keylogger in the Technical Preview version of Windows 10.

I get the sense privacy review is "how can we maximally invade privacy?" I'm sure it got through fine.

Since everything is free now, spyware is the only viable B2C business model.

> Since everything is free now, spyware is the only viable B2C business model.

Everything is not free and spyware is not Microsoft's business model. (It makes very little money from ads, and most of that is sold by AOL for Bing.)

The Windows B2C business model is to charge OEMs to install Windows code on PCs, and to charge users for upgrades. This is exactly what it was before.

UPDATE: The extra profit from Windows 10 is earned from your use of Bing. (You will recall that Google and other search engines pay vast sums to get people to use their search by default.) In the case of Windows 10, your extra use of Bing comes from Cortana firing up the Edge browser and doing a Bing search. You may well find this annoying or even evil, but it seems to me that OK Google and Siri do much the same thing.

That is the traditional model, but the reality is that little of the Windows revenue come from upgrades and PC sales are falling. In addition to Bing, there is also the Windows store. And there is also the B2B model of Software Assurance.
Absolutely true.

And because, as you say, "little of the Windows revenue come from upgrades," Microsoft didn't give up much income by making the Windows 10 upgrade free for one year (though it did add a bunch of server and bandwidth costs).

To compensate for falling PC sales, Microsoft is clearly heading online as rapidly as possible, with Office 365, CRM, Azure etc.

It's also heading cross-platform with online services and dozens of apps for iOS and Android, and Linux support in Azure and Windows 10.

Times change....

But my point was that the Windows 10 business model hasn't fundamentally changed, even if Microsoft manages to make a bit of extra money via Bing ads and Windows Store apps.

I have participated in privacy reviews at one of the largest tech companies and they basically boiled down to 1) are we making sure this behavior is disclosed somewhere, 2) can we get sued for this, and 3) will this enrage people so much that it's not worth the bad PR.

Those were the 3 concerns and while my personal privacy standards are a lot higher than that, these companies are targeting the mass market so I don't think this attitude should come as a surprise. While we can and should try to educate the mass market I think if you want a more private and secure product then using the same product they use will probably always leave you disappointed.

If the default settings are for user information to be shared, then the defaults are evil (even if the intent behind them is not). I say this because they know most people will accept the defaults.

Maybe there needs to be a law about default settings and privacy.

Or we should stop overlesgislating. Users are responsible for their own actions.
I used to think that but the unchecked greed of corporations is disgusting. It is obvious that they will act unethically for a buck.
I agree, people are all to quick today to say, hey I don't like what that company is doing! Lets write laws to force them to change! It's like people forgot that the ultimate form of voting is with your dollars and patronage/use (even if its free). If you don't like what a company is doing, why are you supporting them by using their product? I know this doesn't work for some monopolies, but Microsoft is far from a monopoly, use Linux or OS X. Show them how much you are dissatisfied with their approaches by abandoning their product suites.
The problem lies with when the malicious(IMO) practices become ubiquitous AND profitable it becomes the norm. Any informed user would question thee practices IF THEY WERE INFORMED.

MS has a monopoly, through intent & ubiquity, on business class software, gaming & new computer sales(w/ OSX it is duopoly). Sure there are options for the technical folks, for everyone else it's spyware.

Because we actually do want to use Microsoft products, or Apple, or Google, or Facebook.

If we don't enact laws then jumping boats only leads to the next popular thing being careless with our privacy. I want to be certain that regardless of what software I'm using the people who developed that software have a common concern for the protection of privacy. When enough people have a common concern we usually enact those concerns in laws because it's the minimum we expect from civil participants in society.

Alright, I concede, there should be laws surrounding principles of basic privacy in which the use of opt-out features must be converted to opt-in and cannot be masked around dark pattern UIs, and any remote communication that includes personal data must be clearly stated in both its execution and intent.

But saying you want to use Facebook is like saying you want to get cancer.

I thoroughly agree with you regarding Facebook. Putting that in with the others was ludicrous. Personally, I haven't been on Facebook for over a year and have no intentions of ever using it again.
I'm no fan of facebook (Deleted my account in 2007), but they were better about privacy than MySpace (especially under News Corporation), which they replaced.

If this trend continues, the company that replaces facebook will have much better respect of privacy than those that came before it.

That's a problem with these industries of oligarchies and megacorps. If we say, "Microsoft, we refuse to use your product until you fix this", there isn't an alternative to go to to force them to change.

There are a number of cultural issues that we'll have to face, but the cognitive dissonance that occurs in corporations whereby employees make decisions that benefit the company but harm themselves is one of the most important.

Linux or another OS could (and can) emulate the Windows API though, even if it's an imperfect solution
Really, the vast majority of what I use my computer for, Linux is a better OS than Windows ever was. But even on Mac (which I never use) I'm generally OK as long as I can install a decent web browser.

For the average computer user, Windows is not really necessary, and equivalent software exists on other platforms. For professional users this probably isn't true, and it'll depend on what their businesses choose to deploy, and how cross-platform that software is.

I currently work for a datacenter that officially support Windows and Mac, and allows employees to run Linux unofficially and self-support. While the community that arose from this is quite frankly awesome, it's been a troubling journey, and I still have some convenience features that I learned to live without. Windows, for all its faults, has tighter integration with all of our company's tools, and living without the un-managed company images and easy updates is unproductive for most of our staff that aren't linux/mac enthusiasts. The choice is there though, and I'm grateful for that.

The problem with linux is the zero discoverability. I am sure it is extremely powerful to an existing expert who knows all the syntax of the command lines by heart and understands the architecture of the system, but the RTFM approach is not appealing to everyone.

Particularly to enthusiasts like me who like to do advanced stuff occasionally, ie not frequently enough that it makes sense to learn by heart all sort of commands, and where the cost of having to understand all sort of concepts and acronyms is prohibitive if I just want to do something once.

Windows for that is very powerful, the UI goes quite a long way.

> Windows for that is very powerful, the UI goes quite a long way.

Fine for doing the basics (slowly)... Until you need to do something even semi-powerful, then you will curse the lack of a good CLI.

I find in Windows that because most programs don't actually support a CLI at all, it's actually impossible to do lots of stuff that I'd like to do.

Plus I get a nice feeling when I can put together an elegant little sed (or whatever) command to do exactly what I need to do in seconds. The learning curve is high but the satisfaction is great, same as learning programming.

I can see how having to google for commands is a bridge too far for some people, but I get much more annoyed having to do extra mouse clicks everywhere than having to google a command that I can hopefully find a use for later as well.

Source: linux user who is forced to use windows all day at work.

> Fine for doing the basics (slowly)

I fundamentally disagree with that. If you are trying to set up a single Virtual Machine having never done it, you will go way faster with a UI than if you need to figure out the commands and how the whole thing works. If you need to set up 100 VMs then yes, CLI becomes the fast (and only practical) way.

> I find in Windows that because most programs don't actually support a CLI at all

Windows has CLI support for pretty much all advanced features, although admittedly scattered across various technologies. Where it lacks CLI is for user features, like customizing the UI of the desktop, switching off sounds, etc.

> The learning curve is high but the satisfaction is great, same as learning programming.

A steep learning curve is not a positive thing. Having a powerful IDE goes a long way to make a programming language self-discoverable and flattening the learning curve (Visual Studio for C# and VB is for that absolutely priceless). I wish CLIs had powerful autocomplete features that were aware of the state of the system (like you type "Stop-VM " and the autocomplete would suggest the names of the VMs available in that context). The most advanced CLI in windows (powershell) is miles away from being that good. And as far as I know there is none of that in Linux.

And keep in mind the problem is not just having to "google the syntax". You have ten different distributions of linux, 10 different tools to do the same thing, all have different syntax, acronyms, concepts and commands that will break the system if used against the wrong version. Since there is no easy way to visualise the state of the system, it is very hard for a non experienced user to progress in linux, and trial and error is time consuming and not fun.

I am not a fan of Windows, and in fact I am seriously considering switching to Linux rather than having to use Windows 10. But all these things are holding me back. I am not an IT professional and only have a limited amount of time I can spend re-learning the basics (firewalls, setting up websites, virtual machines, various jobs, etc).

What I wish existed is an environment that was maintaining a perfect symmetry between UI and CLI, where everything can be done with a UI, but where the OS gives you the CLI equivalent of what you are doing with a UI (a bit like Excel's record macros).

Excellent points.

Just a comment: you can use a GUI in linux just like in Windows, it's just that mostly everything is CLI-aware, or has a CLI command as well, which is nice when you want to script something.

It would really be nice to see smarter autocomplete on the CLI, hopefully someone is working on it. I can see why it might be complicated to implement though as you'd need better integration with the terminal for autosuggest popups, etc, and this might not work well over ssh.

Also a better way to find commands that you don't know about yet would be nice, maybe searching installed programs by feature? Like "findcommand image" would give you a list of programs that can modify images, and what they can do to them?

I don't even Google most of my commands anymore, unless I'm pretty sure I'm running into some weird distro-specific issue. These command easily gets me through most of my day now:

man [thing I want to know about]

[command I'm trying to run] --help

There is a learning curve for Linux, but realistically, I found it to be about the same learning curve as using anything I hadn't used before on a Windows system. For basic tasks, Ubuntu Desktop is pretty darn fantastic at working out of the box, and its Software Manager parallels the Windows app store quite nicely for programs that do normal things. (Web browsers, ftp clients, office software, music players, etc etc.)

I choose to run something more complex (Arch linux, presently) because I want to know more about my system, and because I like experimenting with desktop environments. But once you understand how one package manager works, you can perform most basic system administration tasks between the various distributions without a huge amount of effort, and the package manager takes care of most of the fiddly configuration details for you in the process. I find this far easier than trying to set up services in Windows, or dealing with the awful registry.

Of course, I do still keep Windows around. I have a dual boot on my home desktop, and I boot into Windows regularly for the sole purpose of playing games. For all the things I love about Linux, the one thing the community still hasn't gotten down as well as a Windows system is proper GPU acceleration. For now, Windows takes the cake easily on that, and it's reasonably stable when that's all I use it for.

Yes, man [command] is good 95% of the time. Weirdly it doesn't seem to always show the options I need though, it sometimes just shows the basics, and I need to google "manpage [command]" to find the one I want.

I do find the lack of standardization on command arguments slightly annoying in linux... Is it [command] --help, [command] -h, or just [command] by itself? It would be nice if there was something that could be relied upon.

Also handling of filenames with spaces could be standardized as well. Is it -0, -print0, or --null to get null-termination? I always forget which program wants what.

Unfortunately, I have to keep Windows around for Ableton Live. Linux is not great for professional-ish audio.

You've heard of dark patterns right? Dark Patterns are User Interfaces that are designed to trick people.

In my opinion that shares a remarkable similarity to the concept of fraud: In law, fraud is deliberate deception to secure unfair or unlawful gain, or to deprive a victim of a legal right.

How can the user be responsible for their own actions when the results of their actions are deliberately obscured by the people who wrote the software?

In that case, could you not just sue them for standard fraud?
Because the current law on fraud is not enough for this. And that is a good thing: a fraud law so flexible as to prevent this beforehand would clearly be an overly broad law.
Agreed, for sure. I think I'd prefer something like an International Standards / World Best Practice certification, along with a mandated plain English (or whatver localised language) EULA.
There is no such thing as a plain language EULA. They are legally binding contracts and therefore must use legal terminology. Even when companies do provide an alternative "non-legalese" version, there's always a clause indicating that the legalese version takes precedent in any legal interpretation.
Everyone should be forced to read this statement until it sinks in.
> They are legally binding

That's debatable. The enforceability of an EULA depends on the details of the situation.

> contracts

Many are not a contract, which has specific requirements. Even when an EULA is a contract, unconscionable parts - perhaps a clause that is clearly about a "dark pattern" scam - can be nullified.

There's some misinformation here. They are certainly a contract, and are handled as such in law suits. In fact, one mechanism by which they are sometimes invalidated is called "contract of adhesion", which of course cannot happen if they are not a contract in the first place. [0] However, even then, being ruled a "contract of adhesion" simply allows clauses of a contract to be ruled invalid based on a much tighter set of criteria. The fact that the EULA is a contract itself will still stand. [1]

Also, every contract may contain clauses which may be ruled unenforceable. This is not an unknown, and is why every contract has a severability clause. [2]

[0] https://en.wikipedia.org/wiki/Standard_form_contract#Contrac...

[1] https://en.wikipedia.org/wiki/End-user_license_agreement#Enf...

Specifically: "No court has ruled on the validity of EULAs generally; decisions are limited to particular provisions and terms."

[2] https://en.wikipedia.org/wiki/Severability

The update is quite an obvious popup, and is similar to an update (which you agree to receive automatically). You didnt agree to receive it automatically because they wanted to be obscure, they made it the default for legitimate purpose.

Also the privacy settings are not "obscure" there are options when updating and options in the settings menu quite visible.

I agree that it's better when we can do without legislation and rely on individual action instead. For example, individuals should be able to take a copy of Windows 10, reverse engineer it, disable the spyware and offer the result for free download.

Unfortunately, government legislation in the form of copyright law prohibits this. If it were up to me, copyright law would be repealed. But failing that, we can't have a situation where all the laws favor corporations and none favor individuals, at least not unless we want to slide into the kind of dystopia cyberpunk writers have been warning us about for generations.

No, users should be free not to use the proprietary software.
(comment deleted)
Unfortunately, government legislation in the form of copyright law prohibits this.

AFAIK what it doesn't prohibit is sharing information on how to disable that spyware, or even software that will do it for you.

Take an original Windows ISO, feed it to an app, and out comes an ISO with your customisations. If you're feeling neighbourly and rebellious, you can share that ISO with others. This is not a new concept --- see projects like nLite, and all the various customised Windows versions that you can find on the torrent sites.

Nice opinion, care to offer a solution to the problem in the OP instead of parroting a libertarian talking point?
A less heavy-handed alternative could be to pass a law requiring the clear disclosure of certain privacy-compromising or otherwise user hostile behaviors prior to installation. Not hidden in a 100 page EULA that no one actually reads, but summarized briefly and clearly on the same screen where the user consents to the install. We do this kind of thing successfully with nutrition facts for example. This regulation would be easier for even small companies to comply with, and as a consumer if you still eat the candy bar or install Windows 10 at least you're informed and who are we to say you shouldn't be able to make your own choices.
That feels like the android permission page all over again. Not saying I have a better suggestion but that didn't seem to change things for the better much.

[Edit] Maybe add a sample of live data potentially usable with the requested permission? Give people the 'why does he want my fiancé's number?' moment

The problem with the Android permissions page, in my opinion, is that it doesn't give enough information for people that care, and it gives too much information for people that don't. It's pretty much impossible to create any non-trivial app without at least one permission that will cause the permissions pop-up on install. That's the "too much" part. But then, it doesn't show you the actual permissions requested, but instead some general grouping that makes it extremely difficult to know exactly what you're agreeing to without feeling paranoid. That's the too little part.
The Android permissions system has changed a lot in Marshmellow. Now the system ask for your permission when an app actually requests personal information, not when you install an app for the first time.

It's still inferior to Cyanogenmod's Privacy Guard feature that can silently revoke permissions without the app being aware of it, but I think it's a step in the right direction.

... and still almost no-one has it. Those who are eligible for it are also omiting it because it takes away vendor features like STAMINA that's superior to Doze on Sony devices. Some are also omitting it because of the various Bluetooth audio issues.

What I'm trying to say is that there are various other reasons people care about then just permissions and security.

I have it. All it did was move the prompt from installation to app startup. AFAIK the permissions themselves did not change, and it definitely still has the problem of overly-broad generic groupings.
You can remove permissions you've given to an app as well, under Settings > Apps > [App] > Permissions.

I think it will cause the app to ask you for permission again when it starts, but it's good to know it's not a one-time-only option.

This might just be me, but I feel like the big win would be exposing the permissions an app requests in the Play store search/browse experience. The store often returns 5 or 10 apps which all seem to do basically the same thing and I don't know which to install. If I can sort them by least Orwellian first, my decision is made.
...who are we to say you shouldn't be able to make your own choices.

Externalized costs complicate the libertarian approach.

What are the externalized costs of running software that violates your privacy?
For starters, it often forces others to run the same software and allows privacy-violating corporations to earn more than responsible corporations.
That is a really extreme definition of externalized costs in my view. No one is literally forced to run the same software as someone else.

By extending the definition of 'force' to include 'being inconvenienced' we cheapen and muddy an important concept. Asking your colleague to convert a Word doc to a different format is inconvenient. But forcing compliance for something via fines, jail time etc. - essentially at gunpoint - is a much more serious affair, even if the person being forced is the CEO of one of those evil privacy-violating corporations.

If you draw the line that far away from sanity then, really, non-smokers aren't forced to breathe foul air (they must simply inconveniently hold their breaths and stay inside), poorer children aren't forced by drivers using leaded gasoline to have brain damage (they are simply inconvenienced by having to be born into a richer family), and illegal overfishing doesn't force other fishers to overfish to compete and eventually collapse the ecosystem.

Your appeal to worse problems[0] does not invalidate any of the problems with privacy violations we are discussing here.

Here's a better definition of externalized costs in the form of force: any behavior which, when engaged in by a company, causes other companies' or users' life options to be reduced (even if just by increasing inconvenience of safer/healthier/more private options), or which when practiced by a plurality leads to a net negative result for society at large, is an action resulting in externalized costs.

What is your horse in the race?

[0] http://rationalwiki.org/wiki/Not_as_bad_as

Externalized costs would make tons of entire industries completely unviable. We as a society completely ignore them when it comes to business for a reason. It's shitty, and usually at the expense of our long term sustainability, but good luck changing it.
The problem is, in today's world, where companies like Facebook and Google only exist because of lack of informed consent, you'd find the amount of lobbyist pressure not to pass such a law staggering.
This is exactly the problem. What is needed is a movement of angry populists which will unfortunately introduce its own set of problems.
Although I agree with you, I'd say it's just as much because of massive apathy as lack of informed consent.

I can't even bring myself to use Facebook with how little I trust them with my information, but my friends are comfortable logging every place they go in it for the whole world to see? I can't live in this world...

There's definitely a lot of that too. But sometimes I'll tell a casual user to check out the Google Location History page, and they're SHOCKED to see Google knows where they are all the time. Many people are basically apathetic about it, until they're confronted with the full scope of how they're being tracked.

This isn't to say Facebook is better, it's just far easier to surprise someone with Google because Google makes it possible for you to see what they know about you. It's safe to assume Facebook has the same information.

True.

I was already aware that they were doing it, but I was still shocked to see it in the Google Maps App (Menu-Your timeline).

Just seeing all that information about me with a nice calendar interface of where I've been on any date, I found very confronting. Up until then I had it in my mind as some ethereal "I know they have that information", but it's just so easily accessible it's scary.

And the creepy notification popups asking me for more information about places that I've been... Creepy.

It's still turned on for the time being, because I'm vaguely curious about the tracking itself, but I'm very nervous about the whole thing...

This is the Microsoft which ran a two year 'Scroogled' campaign.

The old adage, 'never pay any attention to what companies say, only what they do', is as true as ever.

> The old adage, 'never pay any attention to what companies say, only what they do', is as true as ever.

This also works for politicians.

It honestly works for everyone. Words are cheap. Actions matter.
I've got a Surface Pro 2 currently running Win10 and a MacbookPro running OS X 10.11.5.

I run Little Snitch on my Mac. The number of "outgoing" connections for every tom dick and harry app and OS call is nearly as bad as what Win10 gets lambasted for.

Install 3rd party apps, it's a great thing to watch.

Stop with the hyperbole. It is the industry standard and that is what needs to be fixed.

1) How do you fix that something is a standard? By not accepting it being done by yet another company.

2) This is not just about the number of connections that are made. It's about the amount of information that could be collected through those connections.

And Microsoft's Privacy Statement asks for legal permission for them to collect, store and share any of your content.

Apple's Privacy Policy does not, as far as I can tell.

https://www.apple.com/privacy/privacy-policy/

One of my computers has the same configuration and there's a night and day difference between the Apple and Microsoft approach to privacy.

Microsoft is gathering analytics data plain and simple. Everything is turned on by default, some of which can't even be disabled.

Most of the Apple connections are feature-related (geod, appstored, akd, inappurchased, iCloud if you made the mistake of enabling it, etc). There are notable exceptions in Spotlight searches and the about dialog. Apps can be pretty bad, thank the lax US privacy laws, the industry's lack of backbone and Apple's disinterest for that one.

Ultimately it's a question of intent and trust. Microsoft has shown that they're willing to use dark patterns to get their way and force invasive analytics on their users. Apple hasn't done that yet.

The same way it does for Mac OSX's spotlight. The same way it did for Ubuntu's search feature.

I say this not to be combative, but because I think you and the average consumer operate under very different definitions of "privacy invasion." It's really important to recognize this.

Both Ubuntu and Mac OS X are much better at privacy today compared to Windows 10. Windows has reached Android-level data gathering capacity.

Microsoft should make it official and say they're an advertising company too if that's what they want and give Windows 10 really for free forever (not this limited time under certain conditions crap).

> Both Ubuntu and Mac OS X are much better at privacy today compared to Windows 10. Windows has reached Android-level data gathering capacity.

Could you be more specific about the concern though? I actually don't see what MS is doing that other competitors are, from a practical perspective. I'll try to be very specific as well. I've done some research here and this is what I've observed:

1. Individual apps in Windows send back telemetry commensurate with other apps I've got on OSX. They send back usage data that includes my activity. This used to be a very web-specific thing, then it was a mobile-specific thing, but I think most app store apps I have now open connections to a telemetry collector like Mixpanel or Kahuna. This used to be unusual, but now is the norm for every commercial app, and as someone building and managing said apps all I can say is "people want this stuff so good and so cheaply now, I don't know how else we could possibly get the data we need to deliver it that cheaply."

2. Win10 even at rest seems to send back very tiny amounts of data as part of its update checks and general telemetry. This seems really really similar to what OSX is doing, but of course I'm eager to see a security researcher break into this data. I'm sure there is slightly more to it. But people are shocked that Microsoft can discuss Edge hours used and pages viewed, and I think literally every competently executed application could produce those figures in 2016. To be honest, I trust Microsoft with this data more than I do tiny ISVs just using canned products outside their sphere of expertise to manage updates and analytics.

3. I think the "keylogger" people discuss is something nearly every OS does by default on its search engines and something every browser does as well: do debounced as you type pre-queries on search items. It's measurably more invasive with Spotlight or Cortana because you might be searching for indexed file content. I'm unaware of what else people might be discussing and I can't find many relevant alternative culprits here.

I don't disagree MS could be more obvious with its intentions on Win10. What's most frustrating is that from a consumer and even developer standpoint, Win10 is rapidly emerging as the best of all worlds for developers. The next major edition (which most of us are running via fast/slow rings) and the current iterations of MS-first-party hardware are directly competitive with Apple's offerings, and hardware wise they're quite good now.

So we're left in this awkward space where Apple has really dropped the ball on progressing their OS and they're profoundly developer unfriendly and even quite exploitative, Linux is still all but unusable on modern mobile and portable hardware without substantial commercial work layered on top, and Win10 is delivering a really functional environment with support for Linux that is done in FreeBSD's excellent style of direct compatibility.

It might make more sense for us to treat analytics collection like we would with ads via Adblocker. There's probably a massive addressible market if that's not already a product. Windows actually has fantastic and sophisticated per-application permissions controls that could be automated here...

So Microsoft installs have become as bad as RealPlayer installs used to be back in the day.

Serious question: are games that important that you'll take these intrusions rather than switch to (Calculate) Linux?

Who woulda thunk, forcibly upgrading users and possibly causing harm to businesses just might be a sure-fire way to get a class-action lawsuit on your hands.

I wonder if anyone on the Windows 10 dev team and/or their managers have ever heard of HIPAA, and how telemetry could... cause issues.

> I wonder if anyone on the Windows 10 dev team and/or their managers have ever heard of HIPAA, and how telemetry could... cause issues.

They've heard about it but they haven't posted anything interesting about it. Try searching for

"windows 10" hipaa site:microsoft.com

I'm not an expert but I'd guess that consumer Windows 10 out of the box doesn't meet HIPAA, simply because it sends searches to Bing. (You could, of course, type identical searches into Google, if you wanted.)

I'd also guess that business versions of Windows 10 with GP control can be configured to meet HIPAA. I did the above search expecting to find a white paper with the details, but, at a quick look, I can't see one.

Microsoft is targeting the health business via partners such as US Medical IT, and it has done a lot of work on HIPAA compliance for Azure. Similar work on Windows 10 may be overdue....

http://usmedit.azurewebsites.net/

With all the privacy setting opted in, i.e. no data to be sent to windows 10, I still have Cortona process running on my machine, which I seem to be not able to kill off( not spending any more time doing it as it is only Windows specific works machine, which I rarely use). Is there a option to uninstall Cortona ?
I've read a few guides that say you can use a race condition to kill the process and rename its directory before it automatically restarts itself.
Yes, basically you need to rename C:\Windows\SystemApps\Microsoft.Windows.Cortana_xxxxxxxxx folder. I prefixed mine with an _ character.
That's an old trick from the days when spyware/adware would do the same thing to stop you from removing it. The fact that it's needed now to kill off pieces that come with the OS speaks volumes about what Windows 10 has become...
You can't uninstall Cortana (unless you are on LTSB - in which case, it's not installed)

That said, you can disable Cortana (and have win + s, search up files)

press win + s (which should open the Cortana UI), then press the hamburger menu, go to settings, disable Cortana, and also disable web (Bing) Search.

The last two installs I did, on deadline day, I had to click to enable Cortana.
AFAICT, the process labeled "Cortana" in Task Manager handles search from the taskbar/start menu whether Cortana's actually enabled or not (it's the UI side of the system search service).
Correct. Presumably if Microsoft gave you a way to change the filename, some people would feel happier. Which is actually a bit sad...
Microsoft could do a much better job communicating what exactly is happening and why.
I agree, but there's no evidence that people care. There are hundreds of millions of consumers who don't pay attention, and hundreds of millions of businesses and programmers etc that do get the info they need, and that's the bulk of the market.

There's a smallish number of geeks who can't actually seem to to figure these things out for themselves, but I don't expect that's a financially significant market. Microsoft probably thinks it's reaching them via Mary-Jo Foley, Paul Thurrot, Ed Bott etc, but maybe it's not, and maybe it should do more.

(comment deleted)
turn your firewall and look in the logs, Cortana is still calling mothership with _every single privacy setting turned off_
Now that 29 July has passed, the last date of free upgrade, they hopefully won't pester anymore
I just read it's actually still possible to upgrade for free: Microsoft keeps the option open for people who use the "assistive technologies", and all you have to do is to say acknowledge that you use them, there is no actual check.

https://www.microsoft.com/en-us/accessibility/windows10upgra...

    > For the general public, the free upgrade offer for Windows 10 ends on July 29.
    > However, if you use assistive technologies, you can still get the free upgrade 
    > offer even after the general public deadline expires as Microsoft continues our 
    > efforts to improve the Windows 10 experience for people who use these technologies.
I'm not surprised that there isn't any check, because what MS considers "assistive technology" is extremely broad:

https://www.microsoft.com/enable/at/types.aspx

Do you use an alternative keyboard layout, a trackball, or even a touch screen(!)? Have you used the on-screen keyboard, or the built-in screen magnifier? Then you've used an "assistive technology", according to Microsoft. Combine that with their desire to push Windows 10 on everyone, and you can see they're probably going to leave this option open for the near future.

Suing over automatic updates could set a bad precedent. Who wants to maintain several old versions of software? I know I don't.
Seriously. I understand why people were upset over this, business owners in particular, but as a web developer, I'm (not so secretly) happy they did this.

As far as I can tell, there are two main camps of Windows 10 haters: users who know their systems really well and have it customized to fit their niche needs, and less technical users who are afraid of change. Those technical users should know how to turn off the update suggestions, and the less technical people are in a better place, now.

After using Windows 10 for a year, it is undeniably better than Windows 8.1 in every way, and better than or equal to Windows 7. The fewer less technical people out there using Edge instead of IE 11, the better.

Every time I try and turn off some weird functionality that makes me uncomfortable in Windows 10, it always gets re-enabled in a later update.

It's a great OS, sure. But Microsoft are doing a great job at making me switch to Linux faster.

> After using Windows 10 for a year, it is undeniably better than Windows 8.1 in every way, and better than or equal to Windows 7. In my case, it's the complete opposite. Windows 10 is so sluggish and buggy, WiFi doesn't work when returning from sleep, battery is draining really fast, programs open slowly, even with an SSD, the screen has a weird flicker and blue lines on the top... These problems don't occur on Windows 8.1. TBH, Windows 7 works worse than 10 on my laptop, but that's because there are no drivers directly written for 7, so it BSODs a lot.
All my Windows 10 upgrades have improved performance, so far (touching wood here, throwing salt etc). You might get an improvement with the new version due on or after August 2, but if not, it's worth trying a clean installation....

> Windows 7 works worse than 10 on my laptop, but that's because there are no drivers directly written for 7, so it BSODs a lot

You can usually run the new OS on the old hardware, but not necessarily the other way round. Today's hardware is being designed for Windows 10 and has probably never been tested with Windows 7 (unless it's a business PC from Dell or HP).

But an in place upgrade is a pretty complex operation. That being said, something similar is why "Windows as a service" was created in the first place.
> Who wants to maintain several old versions of software? I know I don't.

No one is forcing you to. Just advertise that you only support the latest version and don't force people to upgrade.

You can even put it in your support workflow. "What version are you using?" -> All options but the latest lead to "upgrade your software to the supported version"

Imagine if they had tried this with their corporate customers.

My advice to home users would be to disconnect their Windows computers from the internet and use some other OS for tasks that require internet. Use Windows offline for the graphical tasks that Microsoft was founded on.

I remember the days before Windows had a TCP/IP stack. Gates did not see the point in the internet or www immediately. UNIX computers were connected over the phone lines. Windows computers were not. Gates eventually woke up and MS copied the TCP/IP code they needed from BSD. The rest is history. Look at them now.

One should not need an internet connection to run Excel and create spreadsheets. If one needs to send a spreadsheet to some remote computer, there are other operating systems that can do that. Such as the one from which Microsoft copied the TCP/IP stack.

Or, do exactly this with an offline windows VM on a POSIX host. Even with enabled file sharing it should be reasonably secure in terms of privacy and at the same time convenient. The only usecases where this is not ideal: gaming and graphics heavy applications.
If you have multiple monitors and graphics card you can assign one to VM with almost no performance loss.
> The company said updates to Windows 10 are a choice, not a requirement

The other day, I woke up to my computer installing Windows 10 on its own. I was out of commission for hours waiting for it to finish installing, then a few more hours getting back to Windows 8 -- basically blocked an entire day of work.

This is the ultimate dark pattern. Microsoft provides a bait-and-switch for a subscription product that provides an endless revenue stream (at a future cost TBD), and then forces your upgrade. The best part is that you don't even know what price it's going to cost you in the future, but you can't (easily) go back to the product that you had.
> Microsoft provides a bait-and-switch for a subscription product that provides an endless revenue stream (at a future cost TBD)

Disclaimer: MSFT employee, views expressed are my own, etc.

This is absolutely the last thing that Microsoft wants. I don't know where you came up with this idea. Microsoft wants to ensure that once a user is using Windows 10, to never be on anything but the latest available bits, with the latest security patches. Creating a subscription model would fly directly in the face of that outcome.

Here is why the idea is coming up over and over again.

http://betanews.com/2016/06/30/windows-10-subscriptions-anni...

http://www.zdnet.com/article/mystery-file-in-preview-build-h...

They won't, but between their downright dicey ways they have tried to force people to upgrade, along with removing the ability to turn off Cortana / Windows Store, ads being pushed in and the 'pay to remove ads from solitaire' thing. People will not have a hard time believing they would do that as well.

We have seen microsoft go through some pretty dark times (Halloween papers etc), and it looks like they are starting down that path again with a vengeance.

If they only cared about having people apply security patches, they would make sure they ONLY push security patches through their security channel, a practice which they have abandoned.... again.

A lot of people associate "service" with something they have to pay monthly for. "Windows as a service", to many people, means Windows subscriptions. Similarly, "free" upgrades in this day and age, generally aren't, and come with costs in the way of privacy and advertising. Microsoft did a poor job judging how their marketing would be interpreted, as well as made the FATAL mistake of implementing a ton of data collection nobody wanted which reinforced that idea.

The clickbait titles by BetaNews and such haven't helped either. I like Windows 10 personally, but Microsoft has a HUGE marketing problem right now, and your PR guys aren't addressing it. The mildly useful data you collect isn't worth the huge reputation cost you guys are getting for collecting it.

Sure, it lets you say how many billion hours users have spent on Edge in press releases, but is it really all that valuable?

Actually, it is important to upgrade to Windows 10 or any other updates to Windows because each iteration of Windows has additional cyber security measures over the previous ones, sometimes taking into account new features in the Intel CPU hardware.

I would like a simple single, privacy selected option.

Also, I want to be able to turn Cortana off.

But in my case I run mac with Parallels VM running Windows 10 as a guest so not so much of an issue.

It's easier to ask for forgiveness (and be subject to lawsuits) than permission (and have a bunch of people opt-out).

Microsoft needs a weapon against Google and Apple, who are both well underway into becoming 'services' companies, and whose devices we walk around with every single day.

Microsoft is trying to leverage installed base it still has in some people's homes to drive some traffic to integrated Microsoft services, the same way Google and Apple have driven traffic to their properties from day one. They can't afford not to be aggressive -- the average person will vacillate over the Windows 10 upgrade but then install Chrome on every single device without question.

If you were in Microsoft's shoes, what would you do? (And not mismanaging your product lines for the previous 8 years is a cheeky non-answer)

...the average person will vacillate over the Windows 10 upgrade but then install Chrome on every single device without question.

Holy crap it's almost as if users are happy to install software that they like and trust because they've used it, and hesitant to install software they're suspicious will screw them over because it has in the past.

I'm so happy that damn icon and spam is gone! W7 till I die!
I took my laptop to get upgraded to Windows 10 in the store. They claimed I would get a free laptop if they couldn't complete the upgrade that day.

They asked if I had a backup I said no. Then I was told it would take 7 days!! So I made my own backup (2h)

I went back in and asked them to upgrade. They plugged in some USB stick and ran some program. A command console window appeared and the process halted. The tech was confused. A manager looked at it. Then I was told it would take 5 days!! I asked for my free laptop. Oh, sorry you don't qualify cause you Win8 system has some unknown issue. WTF!?

WHERE IS MY FREE LAPTOP MICROSOFT! CHEATS AND LIARS!

This does sound bad. They owe you the laptop, as their advertising clearly claimed.

I was at first trying to upgrade myself and ran into a Blue-Screen, at which point it automatically rolled back to Windows 7, largely successfully. Then I saw this add for a free laptop and was confident that those people there would fail to upgrade for sure, and I would pocket this laptop!

Based on your experience, I am glad that I did not get time to go there, and then figured it myself over the weekend. (It turned out to be two incompatible drivers, even though the compatibility assistant had not find stoppers for the upgrade.)

Was this a Microsoft store? Please excuse my ignorance, the sibling commenter suggests this was an offer in advertisements, but I do everything I can to avoid them.
Yes, Microsoft Store, University Village (just across the lake from the corporate HQ)
Did you get their refusal in writing, or otherwise record it? If so, you may have a small-claims case for the value of a new laptop, your time and damages.
I don't feel like fighting M$ for a crap-top. I've got a business to run. It's a waste of my time.

Also: only reason for upgrade? My customers have Win10. I wanted it for testing only.

And the upgrade blocker from in the store? Cause syslinux was my bootloader and Win update fails if Win is not the active partition.

Did my own upgrade a day after, took about 3h

I almost tried to do this, since my main desktop wouldn't do an upgrade install. But I decided I'd rather pass on a cheap laptop than risk low wage store employees tinkering with my main PC. Ended up having to do a fresh install, because the Microsoft Answers site is useless. (MVPs just spam post generic troubleshooting tips, the Microsoft support engineer never responded a second time, etc.)
You'd probably just get a free Microsoft laptop with terrible firmware anyway.

Windows said an upgrade to Windows 10 was fine on my Dell Vostro, it was correct, until it installed a graphics driver that caused the screen to go blank. Turned out a BIOS update fixed it, but that's no good for a normal person. The next day they announced you couldn't turn off ads in Windows 10 Pro.

People are getting harassed because the upgrade is too automatic and you took your laptop to a store to get upgraded? I must say Microsoft has managed to fuck it up more than anyone could have imagined.
Microsoft needs not to try and force Windows 10 upgrades onto their users. Their users' machines which the majority of them are not created by Microsoft may or may not have trouble running the latest.

My $300 HP laptop after the forced upgrade is now almost a brick. I have to do a good amount of work that was unnecessary because MS wants to boost Windows 10s numbers no matter how awful it is for their customers.

Your not Apple, Microsoft you do not control both the hardware and software. Please make it a tad more difficult in terms of installing the latest OS .. make the user select if they want to do this via a few windows.

I would kill to see the actual metrics proving the value of these Microsoft policies vs whatever adverse effects they cause (like certain companies delaying installs / purchases etc.).'

Same goes for the original "Always online" policy for the Xbox One (which I believe was rescinded).

My guess is that they were just random ideas that sounded good to various executives and were implemented without actual research to stand on.

I won't use a Microsoft Windows computer as my daily driver due to dark patterns, privacy issues, new business model etc, but I also wouldn't advocate for strict legislation in this area. The only legislation I think I would back is mandatory information disclosure on install. EULAs are important and it is to detriment of the consumer that we agree to terms we aren't aware of. Still, if there's an opt out toggle buried somewhere, then the company is aware someone wants to do so.

How we decide what information is important to consumers is debatable, but consumers can't make informed decisions if they don't have the information available or are not presented a choice. If information isn't provided by primary sources, many of whom would rather not provide it in an easily digestible manner, then it's a guessing game. Things like applying whack-a-mole patches to fix the shortcomings post-install is essentially plugging a sponge boat blindfolded. Even grouped settings toggles in a customer-fronting GUI can be broken out and flipped on individually without your explicit approval tomorrow so your Windows Firewall IP hack is just that, a well-meaning, but messy and temporary hack.

I'm a firm supporter of "vote with your dollar", however I think voting with your voice is also important. If you're unhappy with something a company is doing, shoot an email or call someone if possible and explain why you're not using their product. Hell, even and maybe especially if you are a customer, let them know you're not happy about a policy. Just like in the public sphere, private companies don't know whether you're an ideological abstainer or simply someone they haven't advertised hard enough to yet. Part of this problem is due to companies knowing full well they're acting against the consumers, but consumers often shut up and move along silently after getting their wallets out. I've emailed Microsoft multiple times about their policies on binding arbitration, their dark patterns and privacy policies. I may not be a customer, but they sure as hell know why.

I agree with this, and I'll add that in addition to "voting with my dollars", I'm also "voting with my respect", in that if you tell me you worked for Microsoft during the Windows 10 update saga, particularly if you actually worked on something related to this travesty, you go down a notch in respect in my book. I'm also going to see it as a black mark on resumes I see.

In the end, I think the most leverage we in our high-tech enclave have is in setting the social norms that say this is not OK. Losing the respect of your peers can be a surprisingly powerful motivator, and it will translate directly into increased labor costs for Microsoft and their ilk (consider how much more you'd have to be offered before you took a job with the NSA right now, or with a spamming company).

The complete failure of IT privacy in the US proves that voting with your dollar and voice doesn't work. The very existance of companies like Google, Facebook and thousands of others whose main purpose if data analytics proves that.

While your opinion sounds balanced at first sight (let's allow customers to choose...), it is in fact completely misguided. Such arguments have been used by many harmful industries such as tobacco and food producers pushing HFCS and other damaging foods or additives.

They know they can let the customer choose, because without regulation they can out-advertise, out-market and outwit all but the most savvy consumers. And even they can't escape due to network effects and lobbying.

No. Privacy should be regulated to the point that companies think 10 times before gathering one additional piece of information and then decide against it because they know they will be fined 50% of their profits when they fuck up.

>The complete failure of IT privacy in the US proves that voting with your dollar and voice doesn't work. The very existance of companies like Google, Facebook and thousands of others whose main purpose if data analytics proves that.

I don't think voting with your dollar is a failure, I just think it's currently too niche a hobby to move mountains. From my completely unscientific empiricism, it seems only super hot button issues, regarding religion for example, cause enough Americans to weigh a company's economic policies vs their ideological ones in large enough numbers while also making enough noise about it. Many consumers seem to make one dimensional decisions when choosing a product or service: How much does it cost? This is exacerbated by the amount the public sphere is taking over private decision making, not ameliorated.

For example, citizens concerned with wage disparity aren't buying goods whose executives pay their workers fairly; they're shopping at Walmart. For some reason, economic or ideological issues that stem from the market aren't the market's problem, but become a problem for Washington. Do I think putting the mean and median wage of non-executive employees on the package would help here? Not until we decide these are problems of the market, but honest information disclosure will be important then.

On top of that, a great many consumers are happy with the status quo. "Personal information" is some nebulous magical currency that they can get free stuff for. Just because you or I value this doesn't mean most people do. I've talked with a great many, otherwise intelligent, people that would have it no other way. They can use Facebook for free and to them the value gained far and wide exceeds the costs.

You and I personally think this calculation is short sighted and incorrect, but if you assume the consumer is too stupid to make decisions for themselves regarding their own information then where does that lead us as a society? (not to mention the regulatory overhead)

If ms would have called it windows 8.1.2 and installed it via the regular automatic windows update, would people have been equally upset?
Yes, because it is clearly a huge change from Windows 8.1.