73 comments

[ 4.4 ms ] story [ 137 ms ] thread
From the article:

> Shouldn’t the new and improved Windows 10 be immune from the bugs that affect Windows 7, 8 and 8.1?

I'm not sure code works like that...

What you quoted was sarcasm...

Microsoft is claiming that Windows 10 would be so much more secure than Windows 7/8, and he's saying that if Windows 10 would be much more secure, then it shouldn't be suffering from largely the same bugs and vulnerabilities. So, Microsoft's claims are quite obviously bullshit.

I'm comfortable with the privacy-compromises I accept with my phone (iOS). I put my computer in a different category. It's not a social or entertainment device, although I do use it for that a lot. It's primarily where I work, and where I store sensitive or bulky information I've never carried on a phone. I need control over my computer. I can accept non-free compromises like macOS, as long as they continue to maintain the social contract with users. If you can't turn off key loggers and on your PC, that OS is unusable for me.
I feel the same way. Sadly, there is a growing crowd that will point at your mobile device and say "<Android|iOS> does it, so stop complaining!".
Looking forward to similar articles about Siri and Google Now.
I don't know about Siri, but you can disable Google Now (actually, you have to enable it, if you want it).

There seems to be news, that since Anniversary Edition you cannot disable Cortana anymore.

Plus, I have to agree with hughw above, that there is a difference between phone and computer, what kind of data you have loaded on each. Windows 10, as it is currently, is simply unacceptable.

Good to know it is still possible to disable them, but until when?

I disagree with the difference between phone and computer, for many people a smartphone or tablet is the only computer they own.

The Cortana features analogous to Google Now are still opt-in after the update (i.e., you have to enable them if you want them). However, web search through the search box can no longer be disabled through a supported method AFAIK.
You opt-in to "Hey Siri" on first boot. I can't speak for Google Now.
Yep, when you set up your phone you get a notification to enable it, as well as it's features. It's pretty upfront about what it does and what it collects too.
Hey Cortana (and microphone access) is still opt-in, along with features that require data collection. The article is somewhat unclear/misleading on this point.

What's not opt-in, or even able to be disabled through any supported method, is web search through the taskbar/start menu search box. This means that search box keystrokes will be sent to Microsoft servers, though there are (opt-out) options for disabling or clearing storage of search history.

That's smart phone stuff, for some reason they've always behaved that way and people have mostly accepted it. Cortana and other Windows 10 software is turning an OS that you used to be able to call your own into something completely controlled by Microsoft. It's infuriating. I was a happy windows user until they pulled these stunts. This whole year I've been working towards getting all my personal computing off of it (I'm still stuck with it for work and I work from home). Last week I finally lost it when, after a forced Windows Update, Windows Defender was re-enabled against my will (along with a few other services I went out of my way to kill) and caused %100 disk usage for over an hour. This week I'm finally booting directly into Linux and Windows 10 is running in a VM with nothing but development tools on it... and Candy Crush and some racing game because the ISO from the MS download page includes them for some reason (the "Professional" version).
When I saw how privacy hostile and generally manipulative the whole mobile revolution was, I knew it was coming to other platforms too.

There is just too much money to be made in surveillance and targeted advertising, especially since margins are collapsing elsewhere and people want everything to be 'free.' Surveillance is the business model of the Internet, at least in the B2C space.

I'm not optimistic about it changing because frankly nobody cares. The only people who care are a small fraction of "cryppie" types and coincidentally these tend to also be the people who use FOSS and/or pirate everything. Not paying money is like not voting. Vendors have absolutely no incentive to give a damn about what you want. I am not aware of a single case where a product has been significantly harmed in the market or failed due to privacy invasion. In fact, even major security problems (also related to privacy) generally do not harm products in the long term.

Last fall's "November Update" was the first post-release change to Windows 10 that was dramatic enough to fit the description of a Service Pack. The "Anniversary Update" should be looked at as Windows 10 SP2.
> When it’s working as your virtual assistant it’s collecting your every keystroke and spoken syllable.

So is a Google Search.

Whenever you type into the Google Search Box it is "collecting your every keystroke" or when you use voice search it is listening to your every "spoken syllable."

You can word stuff that way to make anything sound like a keylogger. Heck even Hacker News is "collecting my every keystroke!"

> But Cortana doesn’t stop there. With the recently released Windows 10 Anniversary Update, hereafter Windows 10 SP1, you can’t shut Cortana off.

Misleading.

You can turn off all the web integration functionality of Cortana and turn it into glorified Windows Search. What Microsoft removed was a specific slider that never really did anything, all the other privacy controls (including disabling web search entire) still exist either in the Privacy Settings panel or in Cortana's own settings.

> Maybe you don’t mind Microsoft listening to your every word so it can catch when you say, “Hey, Cortana.” I do. Yes, I want the coolness factor of being able to talk to my computer. But I want the reassurance that it’s not listening when I don’t need it to be. I want a simple on/off switch. Windows 10 SP1 doesn’t have one. This is interesting, though: Windows 10 Education does.

This is just outright untrue. "Hey, Cortana" can be disabled in Cortana's settings on all versions of Windows 10 with or without the anniversary update installed.

> Heck even Hacker News is "collecting my every keystroke!"

Not until you press return

> > But Cortana doesn’t stop there [...] you can't shut Cortana off.

> Misleading.

No, I don't think it is. You can tell her to "stop getting to know me", but you can't turn her off, because her offline services are basically rebadged offline desktop search. Cortana as the personification of search cannot be disabled, and heretofore unspecified telemetry regarding your search behavior is still sent to Microsoft. There is no way to disable or block this telemetry without third party tools.

Do you have any additional details about the "unspecified telemetry" that's sent to Microsoft?

I thought from my readings on the subject that pretty much all of the telemetry could be disabled via in OS options (even if some of them are rather harder to get to than I'd like)

> heretofore unspecified telemetry regarding your search behavior is still sent to Microsoft.

Can you site your source for where Microsoft collects search telemetry data? They definitely collect telemetry data about all versions of windows going back to XP but what that entails has never been clearly outlined. I feel like you're jumping to conclusions.

> Not until you press return

Maybe true for HN, but not necessarily true for other sites like google search / FB search. It's common practice to send all keystrokes to the server to speed up searches.

If you disable Cortana, Search process is still running. If you kill it, it comes back.

Hm let me think which type of software has this behaviour...

explorer.exe? /devils advocate
Pretty much every background service which wants to be resilient to failure? You know, like a firewall, or a search indexer or an update checker.
Firewall and search indexer are both not running when I disable them.

I'd expect the same from an update checker, you didn't specify which one but I can imagine I can stop it from running in a way that doesn't include renaming an .exe in a specific AppData folder (as for Search.exe process).

> So is a Google Search.

Which is implicitly understood by the nature of its outputs. Furthermore Google Search is localized to an application (if we aren't talking about Android phones, which is another world of bad) and isn't ever present in the OS if you didn't make extra effort to disable it.

The issue dissolves to informed consent. You'll have hard time convincing me my less technically inclined relatives provided informed consent to collection of data when Windows 10 was forced on them which I had to disable after it ran for weeks.

> Which is implicitly understood by the nature of its outputs. Furthermore Google Search is localized to an application (if we aren't talking about Android phones, which is another world of bad) and isn't ever present in the OS if you didn't make extra effort to disable it.

chokes Firefox and Chrome are getting a hell of a pass if you're going to say web browsing is "confined to an application."

> You'll have hard time convincing me my less technically inclined relatives provided informed consent to collection of data when Windows 10 was forced on them which I had to disable after it ran for weeks.

While there is no doubt that the Win10 migration could have been handled better, it's difficult to actually image a better path for MS to take. As you've intimated, your "less technically inclined relatives" are difficult to inform in order to give informed consent w.r.t. the issues at play with the upgrade to Win10.

What's more, the telemetry collected is of the most benign type that Apple, Google, Microsoft, and nearly all 3rd party apps have actually been collecting (enabled via TOS agreements and practicality) for the better part of a decade now. Said usage telemetry is essentially required to provide software at the scale, quality, and cost that the market demands.

> What's more, the telemetry collected is of the most benign type that Apple, Google, Microsoft, and nearly all 3rd party apps have actually been collecting

Do you have any links on what telemetry data is actually collected and sent? I would genuinely appreciate it. This is has held me back from what is otherwise a pretty solid OS upgrade.

All I've seen has either directly indicated or indirectly insinuated that every key stroke (not just Cortana search, but every keystroke entered while using Windows 10) is collected and sent with the telemetry data. Being encrypted traffic, and data that can be sent at any time, not necessarily when keys are being pressed, there is no way to inspect and verify.

The closest I have seen to rebuttals of this are either people with no knowledge or connection saying "oh, come on, they would never do that", or Microsoft saying essentially "we cannot allow telemetry to be turned off anymore because the more advanced users that we need data from would turn it off".

I don't think there is a way to prove what is actually sent, unfortunately, but it would be nice to at least hear Microsoft say "we firmly believe in the privacy of our users and would never dream of being anywhere near that invasive".

Really wish someone could definitively answer you. I have yet to see any analysis that could define hard boundaries on where keylogging occurs.
> While there is no doubt that the Win10 migration could have been handled better, it's difficult to actually image a better path for MS to take.

No it's not! "Don't use deceptive language, don't force updates on users who didn't request them or specifically declined them, never reboot a running computer without explicit permission for any reason short of a total system freeze."

> Said usage telemetry is essentially required to provide software at the scale, quality, and cost that the market demands.

Then why are they being deceptive about it? If it's completely benign and only works for the good of the user, why do we keep hearing about new telemetry that people weren't aware of or thought they'd already disabled?

> "Don't use deceptive language, don't force updates on users who didn't request them or specifically declined them, never reboot a running computer without explicit permission for any reason short of a total system freeze."

See, even these are not so cut and dry. Sure, "Deceptive" is a thing we want to avoid. But if a user is deceived by what others called clear language, was your language deceptive? I had no real issues understanding, "They want to give me an upgrade. If I click that, I'll get the upgrade."

> don't force updates on users who didn't request them or specifically declined them, never reboot a running computer without explicit permission for any reason short of a total system freeze.

We can argue about specifics all day, but if a user isn't going to reboot their computer periodically for critical security updates then doing it for them is a public service and it should be done. We're still very busy as a society pretending that computers aren't a public utility, but in fact they are and they have very real consequences for their use.

> Then why are they being deceptive about it?

See, this is what I don't get. Where are they being "deceptive" about telemetry? They don't act like it's a secret. They talk about it in public.

> why do we keep hearing about new telemetry that people weren't aware of or thought they'd already disabled?

Good question! This is not a new story. Go read the article carefully! This is all basically clickbaiting off an original very popular clickbait that said the EULA technically could be read to allow keylogging in some situations here: http://www.theinquirer.net/inquirer/news/2373838/microsofts-... (btw, it can't, there's US and EU law at play that protects consumers).

No seriously. That's what started this all. An insinuation that a tech preview might have telemetry. And so we continue to roll over this calling Cortana a "keylogger". They printed a followup which basically said, "No, they didn't use a keylogger" and gave it a surreal headline: http://www.theinquirer.net/inquirer/news/2421234/microsoft-p...

From a technical and not-total-uninformed-bs perspective, it all comes back to, "Cortana's typeahead search mixes desktop search items with Bing search results, which are sent key-by-key for latency reasons, which is a trace of keystrokes" coupled with, "Cortana uses cloud computation for "hey cortana" voice analysis (not the wakeup cue, the the part after).

And in Microsoft's defense, no one minded when Google did this, after Apple did it, after Firefox did it.

>We're still very busy as a society pretending that computers aren't a public utility.

Fuck that noise. No my computers in my home are not a public utility.

I will run or not run the software I choose on my machines. You can call me Typhoid Mary all you want, but if an Nigerian prince somehow compromises one of my machines and tries to sell you Viagra you can report it to my ISP or domain registrar.

> I will run or not run the software I choose on my machines. You can call me Typhoid Mary all you want, but if an Nigerian prince somehow compromises one of my machines and tries to sell you Viagra you can report it to my ISP or domain registrar.

I understand that this is a difficult thing to understand and accept, as it is happening in fast forward in our lifetime. People had similar sentiments initially about other things that end up using public shared utilities (e.g., automobiles and phones).

It's unfair to expect most users to be able to protect themselves. Even professionals with experience struggle to protect their hardware and computers. Only doing post-incident triage is not going to work here in the same way that we require traffic laws and automobile regulation to make sure that we don't spend even more time and money scraping people-goo off the road.

Therefore, as a matter of public safety, we're going to have to put safety and security rules on publicly networked computers. Consider funding and hosting a private network if you find that onerous, perhaps?

This offensive, paternalistic attitude towards users needs to stop. You do not get to decide these things for end users.

> It's unfair to expect most users to be able to protect themselves.

Correct. Problems in this area are the fault of the vendor, not the user, for producing shoddy software, not caring enough about security, and/or not going far enough to educate the user about important thins they do need to understand. None of this requires stealing user data (or "telemetry"), nor does it require taking agency away from the user.

Your "solution" is to take away the General Purpose Computer from the user. I realize that General Purpose Computers are frightening when in the hands of people who might make a mistake* or run some software you don't like, but that is what we call "freedom"[1]. Instead of supporting freedom, you seem determined to force centralized control on people. Do you not see how this is a major shift in power?

> Therefore, as a matter of public safety, we're going to have to put safety and security rules on publicly networked computers.

This is a cheap excuse to not address actual security. The negligent security practices of most businesses over the last few decades are becoming a serious problem, and as usual the guilty are trying to deflect the blame onto the people least responsible: the users.

[1] https://www.youtube.com/watch?v=gbYXBJOFgeI

> This offensive, paternalistic attitude towards users needs to stop. You do not get to decide these things for end users.

I thought that's what security updates are?

> Problems in this area are the fault of the vendor, not the user,

That's what security updates are.

> None of this requires stealing user data (or "telemetry")

This is deliberately incendiary language trying to redefine an industry practice so benign and common that it's difficult to find any products that DON'T do it. Even in the free software space!

> Your "solution" is to take away the General Purpose Computer from the user.

Wait. Pardon me? I think you've projected an argument onto me that I am not having? Having your computer click an automatic idle reboot unless you step in to tell it otherwise is not "removing general purpose computing." That's not really even the auspice of most OS's right now!

> This is a cheap excuse to not address actual security.

The idea that security problems can be prevented in advance by better discipline and tools is a fantasy. The technology and process simply don't exist. Until such time as we verify every byte of code from the firmware up, security risks will exist (even then, hardware bugs!). You cannot simply say "Try harder!"

> The negligent security practices of most businesses over the last few decades are becoming a serious problem, and as usual the guilty are trying to deflect the blame onto the people least responsible: the users.

I submit that moving to a regular security update paradigm and tying business interests to product longevity and security. In this, I think Windows 10 is a better strategy for pro-consumer outputs than Apple's current strategy. More in line with Google's forevergreen OS goal.

> an industry practice

Industry practice on IBM compatibles used to be that operating system didn't siphon data off the machine and that the user retained ultimate agency over metal that they bought.

Automatic transmissions have replaced manual transmissions for all but specialist uses and premium mid-life crisis markup sales.

I view this in the same way. The vast majority of consumers have better outcomes if their hardware is managed. The few people for whom this is not true have other options available.

Not good ones, in my opinion, but theres no positive outcomes for people pursuing a "bazaar" like strategy to software as far as I can see, anyways. It's somewhat ironic that devices visibly resisting national attacks are outrageously locked down.

> Automatic transmissions have replaced manual transmissions

In US but ok. Analogy would probably work out if for automatic transmission they disconnected airbags for no good reason and then went on and announced how wonderful it is that airbags are disabled (mind that the car is just as functional with airbags enabled, but you'd have a hard time convincing anyone that an average informed user would prefer airbags disabled) and if users really wish to use airbags they can enable them later.

> if their hardware is managed.

Telemetry isn't necessary for hardware to be "managed".

"Automatic transmissions have replaced manual transmissions ...".

Not on Europe. Many people would be embarrassed to be seen with an automatic transmission. Coincidentally, privacy here has not (yet) been entirely eradicated either.

> chokes Firefox and Chrome are getting a hell of a pass if you're going to say web browsing is "confined to an application."

Well browsing in Firefox is confined to Firefox, not sure what you want to say. The fact that Firefox isn't perfect in every way shouldn't mean that Windows should go 100 mph evil with its telemetry.

> is of the most benign type that Apple, Google

If it's not straight keylogger still doesn't mean it's anywhere near acceptable. And it's fallacious to think whatever Apple and Google does on their platforms should have any bearing when judging what Microsoft does on its. There's been pattern of derailment whenever Windows is mention and it should stop.

> and nearly all 3rd party apps have actually been collecting (enabled via TOS agreements and practicality)

Lack of _informed_ consent and the fact that telemetry as part of OS is ever present (and not segregated to third party software) is what makes the difference. Flaws in third party applications are still reproachable, but they aren't the subject of discussion here and hopefully they are replaceable and not installed and turned on by default.

> Well browsing in Firefox is confined to Firefox, not sure what you want to say. The fact that Firefox isn't perfect in every way shouldn't mean that Windows should go 100 mph evil with its telemetry.

Browsers are an incredibly sensitive and important part of people's day-to-day use of computers. In terms of time spent, most people overwhelmingly spend their time there, and even do work of other types via that system.

> If it's not straight keylogger still doesn't mean it's anywhere near acceptable

Indeed! But we can't even have a conversation about what the "is" in fact is! We're using incredibly incendiary and obviously incorrect language to avoid even the pretext of a rational examination of the data. I was just downmodded to -2 for posting a link to Ars's examination of the telemetry via local proxy and a discussion about what it looks like at the byte level. People are that uninterested in actually understanding the technical details here.

Can you name a specific aspect of the telemetry that you don't like that you can't turn off in SP1? If so, please let me know. I am happy to gather data to consider escalating concerns both as part of my professional responsibility and as part of my connections to many smart and placed people at MS.

> Lack of _informed_ consent and the fact that telemetry as part of OS is ever present (and not segregated to third party software) is what makes the difference.

OSX, iOS, Android, and Ubuntu all contain core telemetry. They have similar EULAs to Windows for the customer facing product. Heck, this entire conversation got kicked off from the article I linked over the more exclusive opt-in for Insider program builds! The clause isn't as strong in the public EULA, last time I checked (IANAL, so please feel free to correct me if you're better informed there).

I am all for a rational, calm, informed discussion about the pros and cons of telemetry. I wrestle with the "right" thing to do daily as part of the products I help build, design and ship. I very much want to have that conversation, but shady authors looking for cheap ways to buy relevance are writing clickbait to obfuscate the real discussion to make incrementally more dollars via impressions. If you're looking for deceit, the handful of authors cashing in on this meme are not a bad place to start.

(comment deleted)
> downmodded

HN is going to hell just as proggit did and digg before it. If anyone that downvoted me bothered to explain why they did it that would be great. Nobody has proven anything I wrote wrong, so apparently I'm getting downvoted for sentiment.

> Can you name a specific aspect of the telemetry that you don't like that you can't turn off in SP1?

Haven't upgraded to SP1 yet. If there's still typing telemetry thing without any concrete official explanation whatsover of how it works then that's still a problem.

> Ubuntu

Has its own problems, agreed. Thankfully they've corrected some of their behavior in 16.04, unfortunately crash reports are still getting transmitter if you don't disable it.

> shady authors

Obviously take anything Vaughan-Nichols writes with a big grain of salt.

> I wrestle with the "right" thing

In my mind it's very simple - if users have reasonable expectancy of privacy then any features should be turned on only after informed consent has been obtained.

> Haven't upgraded to SP1 yet. If there's still typing telemetry thing without any concrete official explanation whatsover of how it works then that's still a problem

There isn't any evidence of typing telemetry. I haven't seen any technical assessment that suggests otherwise, just click bait assumptions it is there. The only place keystrokes get sent that we know of is the Cortana field for web searches, and you can turn that off even pre-SP1.

> typing telemetry

Have you missed big fat "Send Microsoft info about how I write to help us improve typing and writing in the future" in the privacy section of settings?

> The only place keystrokes get sent that we know

We don't know how it works. I've searched and there's only baseless speculation (hello) that it's benign but there aren't any official documents detailing how it works that would dispel many people's reservations.

> The only place keystrokes get sent that we know of is the Cortana field for web searches, and you can turn that off even pre-SP1.

How do you KNOW that? The setting mentioned above doesn't mention Cortana, one would expect the setting mention Cortana if it only pertained to that subsystem.

Oh by the way, I knew I remmebered this. The specific setting your referring to has to do with helping Cortana recognize unusual words and common phrase in your vocabulary, according to Microsoft.

All the speech services are supposed to be kept off cloud for desktop machines, so presumably this particular feature is more about sync and correction rates.

Mind providing link that would prove this? I looked a decent amount of time and couldn't find anything relevant other than a few articles on how to disable settings or providing some vagueries. If it exists this explanation certainly isn't front and center, perhaps an obscure C9 video?
(comment deleted)
Friend, could you please put a real name to these rebuttals? It's bad for HackerNews karma, but that's a fool's economy anyways. I'm rather tired of being one of the handful of public faces of this conversation in every thread.

These comparisons are directly and deliberately incendiary. They're clickbait of the worst order, for several reasons. But the ugliest part is that even with you pointing out in the Win10 SP1 you can easily stop these requests from going out on your search requests (and validate that they do!), they've tactically damaged consumer confidence and implied that Windows 10 is spyware when in reality it's one of the more secure and maintained desktop OSs you can elect to run right now, and certainly a much better option than the flagging and reluctant support MS has to deliver for Win7.

People love to levy these accusations at Google as well, so perhaps a better comparison for Mac users: Start typing into Spotlight and see what happens on your network interface. It's easier to turn off now, but was not so for quite some time. Spotlight was collecting-every-keystroke-omg-spyware for a long time and there was no public outcry.

>So is a Google Search.

Did anybody said otherwise?

>You can word stuff that way to make anything sound like a keylogger. Heck even Hacker News is "collecting my every keystroke!"

No, it's really not.

By the same token, neither is Cortana? It's a very specific time when it's gathering that data. Why are we continuing to entertain the idea that the OS is literally logging and reporting every keystroke?

Or if FireFox's-awesomesearch-or-basically-spotlight-3-years-later integrated into the Windows OS is such a disturbing trend, why are we not equally censuring Chrome, Firefox, Safari, iOS search, Android Search, and Spotlight for these behaviors? Could we perhaps be consistent?

Cortana has replaced the local search on Windows 10. Users will be searching for their local files, which will be sent to Microsoft, which is neither necessary nor appropriate. You now have to expect being put on a list, if you search for "bomb.txt" on your system.

As for your whataboutism: Most of those have been criticized in the past. Just because we don't list all of them every time a new company decides to do the same shit, again, doesn't mean that we are inconsistent.

And "most", because Firefox is specifically keeping a separate URL bar and search bar around, so that the URLs you type in aren't sent off to search engines unnecessarily.

> Cortana has replaced the local search on Windows 10. Users will be searching for their local files, which will be sent to Microsoft, which is neither necessary nor appropriate. You now have to expect being put on a list, if you search for "bomb.txt" on your system.

Evidence, please?

>So is a Google Search.

Which is why I use duckduckgo. And am staying away from Windows 10.

It's hardly alone. When I started examining my home network DNS traffic I quickly identified a bunch of software to remove or keep closed when I'm not using.
I don't believe that a simple registry setting or two necessarily disables Cortana. It might just pretend to be deaf but still be listening.With closed source software you never know.
I suppose the same argument will hold true for Siri, Google Now, Desktop/Phone/Browser search?
And does almost every day on some blog or another.

every. single. day.

KDE search does not send data over the network. Neither does Windows 7 search, as far as I know.

About Siri, and Google Now, people know not to let it access sensitive information. Now, people must learn the same about Windows 10.

Sure does. What's your point?
You can always watch for the network traffic...
Not really. If they encrypt it and hold off on sending it until they need to send something else, like for example the next update-check, then it becomes pretty much impossible to tell that they are sending your data and what they sending.
I'm not so sure this article is entirely accurate. I have Windows 10 Anniversary Update on my Surface Pro 4 and the switch to turn "Hey Cortana" off takes just 2-3 clicks.

Screenshot: http://imgur.com/a/EI57H

Ah yes, I suddenly have bout of nostalgia from the IE Monopoly Era. I remember when IE was claimed by MS as being intimately linked to Windows and if removed would hinder core functionalities.

https://en.wikipedia.org/wiki/United_States_v._Microsoft_Cor....

Specifically: "Microsoft stated that the merging of Microsoft Windows and Internet Explorer was the result of innovation and competition, that the two were now the same product and were inextricably linked together and that consumers were now getting all the benefits of IE for free. Those who opposed Microsoft's position countered that the browser was still a distinct and separate product which did not need to be tied to the operating system"

I know this is not the same situation, Cortana is not part of a 'monopoly' technology, however the fact that some features which users deem optional that end up embedded in the OS is similar.

Y'know, a lot of government organisations use Windows; I wonder how they feel about having all their information going to Microsoft …
First, they're likely not on Windows 10 yet. Second, they all likely have enterprise management, where telemetry features can be fully disabled.
Enterprise Edition respects(=won't jeopardize) their meal ticket.
This update moved Cortana from an all-or-nothing permissions model, where you have to grant a whole bunch of permissions before you can use any Cortana features at all, to a more granular model where the permissions are broken up into a handful of categories and you only have to enable the ones required for the specific features you want to use. These permissions are off by default as well (this includes microphone access and listening for "hey Cortana"), but you'll be asked to grant the relevant permissions when you try to use a feature that requires them.

However, it's also true that there's no longer a supported way to turn off web searches in the search box (at least as far as I know).

I always find it darkly amusing that Microsoft named their application after a type of AI doomed to become a megalomaniac control-freak.