GDPR technically does have real teeth, to the extent that one really shouldn't want to raise the ire of an EU Data Protection Authority. Unfortunately, enforcement to date, and the resulting fines, have been lackluster at best. When will people learn that disincentives like fines and such have to actually hurt to be effective in changing the behavior of corporations?
Many companies have gotten their first fines already. Hundreds of millions of shareholder value down the drain because they blatantly ignored the rules.
No, most companies don't get a massive fine in the first round, but I already see enough have gotten then that even Google now allows me to opt out with a single click :-}
And that the user may not have capacity to consent.
That seems the salient issue today with regards to children and social
media. Most of the giant social media companies profit from
participants who cannot legally enrol.
By "participants who cannot legally enrol," do you mean minors? I'm not tracking what the Venn diagram between those people and those who "may not have the capacity to consent" is.
But Dogbert's comment actually deserves a bit more than "try using
common sense instead of set theory" :)
I tried thinking of classes of adults who lack capacity, other than
the mentally unfit, senile or criminally insane.
There's a lot of young people who are "deemed to consent" (the passive
weasel-words of filthy scoundrels) in higher education. I've written
about Turnitin in the Times and the "very dodgy circumstances" in
which students are inducted into university and then find themselves
coerced into tacit agreement to use tools which massively violate
their privacy and other rights. The same applies to Microsoft products
where institutions block choice and force students use insecure
products that they would refuse if exercising their better judgement.
Plus there are policies which allow admins to block PowerPoint Designer, as well as all Office 365 "Intelligent Services" (or "Intelligence Services", depending on your POV).
> If you’re on a work account, your admin may have enabled or disabled it already with GPO/MDM.
It has to be a global Office 365 setting, my computer is not in the domain, I’m the only admin for it. That’s why I’m asking where the setting for the permission is, so I can have a look at it (I’m secondary admin for the O365 account) and potentially disable it.
> If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account, or if the user has Office LTSC Standard for Mac 2021 or Office Standard 2019 for Mac, then the user can't turn off connected experiences that analyze content.
If I have one hope for the future, it's that 'accepting' click-through corporate EULAs containing unconscionable terms that few read will no longer be considered consent.
I know it's sarcasm, but you don't have to have "big secrets" in order to want privacy. Everyone knows what you're doing in the restroom, doesn't mean you're ok to going to a see-through public restroom.
>Another way that insider trading can occur is if non-company employees—such as those from government regulators or accounting firms, law firms, or brokerages—gain material nonpublic information from their clients and use that information for their personal gain.
How about Grammarly? Or G-suite? They have access to most of the companies out there. I find it terrifying people use Grammarly and it has access to every piece of confidential word written.
Grammarly should absolutely be banned. Their privacy policy is horrible.
I'd suggest companies look into LanguageTool's "On-Premise" commercial offering or run the Java-based server themselves (with N-Grams). Is it as good as Grammarly? Nope, but it is "90%" as good and significantly more private.
G-Suite is a super interesting case in that you literally cannot use the product without handing over your data to Google. It certainly seems like companies would hate that, particularly those with data protection obligations. Google does theoretically require a Business Associate Agreement (BAA) if your use case is subject to HIPAA and you intend to store or transmit PHI using their services, but I don't know how they detect or enforce that. [1]
Since when does complying with data protection mean "you must own your entire tech stack and run it on prem"? Google[0] states that they don't use your data for anything more than running the service, and there are multiple pages detailing how they secure data on their servers from both employees[1] and attackers[the rest of the document].
PowerPoint has a feature where it uses machine learning to suggest layout and design changes for your content. This feature most likely can be turned off, but of course it needs some data on what's on your slide to suggest changes.
I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.
So you agree that Microsoft sends the content of your Powerpoint slides (and, by extension, all DoD powerpoint slides, since they're notorious users of the application) to Microsoft?
> and, by extension, all DoD powerpoint slides, since they're notorious users of the application
This is a pretty huge exaggeration here. Closed rooms exists and are used when appropriate.
And just because something is enabled in the consumer version by default does not imply it's enabled and available in enterprise settings. Last time I dug through the office GPO templates - basically every phone home feature was easily disabled on an org level if desired.
Further - what do you think something like Google Slides is doing with your data? It's ALL stored on Google's servers by default.
Right; when I saw title I assumed Designer was going to be the context. I've also observed that Designer only works when I'm online, so I figured out that it uses external servers to generate suggestions.
I suppose it could/should be more obvious/explicit on the Designer pane itself, something like "This is an online feature that uses Microsoft's servers to generate recommendations", or a more user-friendly language.
Note however that the article is light on details; does it send a full content of slides? Some hash of text and images? A non-identifiable abstraction of layers involved? This could be done well or poorly.
(I don't think the submission should be flagged FWIW, but I agree that it's not of good enough quality to deserve great ranking; but that's of course subjective:)
I don't really care that it has a feature that's the reason they're sending data off to Microsoft, I care that they're sending data off to Microsoft and it's not blatantly obvious to the user.
When you turn on the feature it is VERY specific that it sends the data to external servers. There's a disclaimer and everything, right in front of the user.
Now, is it a glaring red pop-up? No. But IT department's can also choose to disable the feature if they don't want their company to use it.
I am genuinely curious as to why the MacOS version says "The first time you try out Designer, it asks your permission to get design ideas for you." and the Windows version says "The first time you try out Designer, it may ask your permission to get design ideas for you."
Can Microsoft use some other setting in Windows as justification for bypassing the permission step?
Funny, I would have read that page and said that it was blatantly not obvious what was going on except that the privacy policy call out was a red flag. I wouldn't have thought anything of it needing to be enabled, lots of features are things that you might not want enabled by default. And having a privacy policy is definitely a red flag but it still doesn't say "we're going to send the content of your slides to Microsoft for processing".
In short, I pretty strongly disagree. I think that if you had a hundred users look at that page or click through enabling the feature, and then asked afterwards how many of them thought that the feature was going to send their slides to Microsoft, at least 50 of them would be very surprised.
That is a help page guiding the user on how to use the feature. Of course it’s going to be “hidden” when turning on the feature is the smallest step to using it.
If to use the feature you are explicitly asked to turn it on, with an option to view a privacy policy, that is “blatantly obvious”. It isn’t hidden or buried under a dozen other settings when you install PowerPoint, it’s done at time of use.
How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site? Be realistic here; in terms of user consent this is perfectly fine.
> If to use the feature you are explicitly asked to turn it on, with an option to view a privacy policy, that is “blatantly obvious”.
I disagree.
> How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site?
Yes, more or less. I would be perfectly happy with a single red box at the top that says this feature sends the contents of your slide to Microsoft. I am not okay with linking to a privacy policy that nobody's going to read and pretending that that's informed consent.
> Yes, more or less. I would be perfectly happy with a single red box at the top that says this feature sends the contents of your slide to Microsoft.
As a user I'd like the ability to opt-in/out of this. I much prefer a privacy policy that captures all of it for the app. Otherwise, I have red boxes showing up non-stop using most apps. Can you imagine the sheer number of red boxes you'd get for Netflix the first few times you use it!
> As a user I'd like the ability to opt-in/out of this. I much prefer a privacy policy that captures all of it for the app. Otherwise, I have red boxes showing up non-stop using most apps. Can you imagine the sheer number of red boxes you'd get for Netflix the first few times you use it!
Of course it's impractical in today's environment, but I think we'd be in a much better place if we'd established early on the idea that a piece of software that massively violates your privacy (which is to say, all of them, nowadays) comes laden with a terrifying number of red boxes when you read its privacy policy.
IT has disabled the feature for us, and quick googling didn't turn up any screen shots, so I can't see the prompt myself, but given how it is described it doesn't seem adequate to me. When software asks permission it needs to say what it is asking permission for. Something like: "This feature will send your slide contents to Microsoft's cloud servers to search for relevant design ideas. See our Privacy Policy for more information on how we protect your data". It doesn't need red flashing lights, but the user shouldn't have to dig around to determine what/why the program is asking confirmation.
Okay, I found a screenshot of the request[1], and I don't think it is clearly communicating to the user what they are agreeing to. On the good side, they do clearly describe which information is involved (search terms and document content), but on the bad side it isn't clear about what is being done with that information. In particular, for over 20 years Microsoft had used "Office" to mean a piece of software running on your own computer, so saying that "Office" needs to "collect" information doesn't clearly convey the idea that your documents being sent over the internet.
> The first time you try out Designer, it may ask your permission to get design ideas for you.
I don't know the wording for the dialog itself, so I will comment on this wording instead.
Asking permission to "get design ideas for you" is absolutely wrong. They are asking permission for the wrong thing. They should be asking permission to "collect content from your slides". They can then explain that the upside is that in return you get access to design ideas.
Depending on the context of the dialog an appropriate wording would be something along the lines of this: "In order to access design ideas, up-to-date slide contents need to be regularly sent to Microsoft servers. <Agree> <Cancel>".
edit:
- Would you like some chocolate sprinkles with that ice cream?
- Sure!
- Cool, <while sprinkling chocolate on your ice cream> it will cost $100 and your left kidney.
This statement asks for permission to fetch data, not to upload my data.
Uploading data based on this statement is a blantant violation of customer expectations, so obvious you don't need to be neither a ux expert nor a lawyer to see it, you just need to read carefully.
I don't think he implied that your data gets sent out.
We don't really know yet if your data/powerpoint content is sent to Microsoft, or if Powerpoint just goes out and looks for layouts, fonts, etc. without communicating any of your text.
The article has a low signal-to-noise ratio. It is just a single paragraph claim that doesn't delve into anything nor inform its audience of anything. Why shouldn't it be flagged?
If this claim was posted as a HN comment without citation or further explanation it would likely get flagged, why are submissions held to a LOWER standard?
> I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.
I don't think we know the motivation of the submitter and we should not assume any motivation beyond introducing the link to the community to consider and discuss the content.
The article is very brief and seems to highlight that the designer suggestion needs to submit your slide content to make the suggestion. The question as to whether we consented suggests that we have (through the usual click through), but, to me, it is really asking something like 'do we understand the implications of our decision to consent?'.
I don't see anything being misrepresented nor do I infer there is some sort of anti-Microsoft (nor anti-anyone/anything) in the article. It does seem to suggest there is something for people to consider in that we often 'consent' without really thinking through the outcomes of what is supposed to be our willing, informed consent.
Too often we split into binary extremes when we should really take time to be thoughtful and considerate of questions being posed and where that consideration takes us and helps us to find insights and opportunities to improve ourselves. I encourage people to not automatically jump to our 'team position' (whatever that is).
"Automatically show me design ideas" is a pretty visible option in Preferences (looking at my Mac here, can check Windows later, but I remember turning that off on my new laptop since I just never _use_ the suggestions and they came up when I was traveling and on slow Wi-Fi).
I also believe it can be managed by policy.
MS FTE here, I have no direct awareness of how the feature works and am not affiiliated with Office - but I'm sad that something meant to _help_ people (if this raises hackles, I don't want to see what the OP says about the accessibility checks) is used to bludgeon my colleagues publicly.
If that is the feature in question, neither the app itself, nor the online help shown when clicking "About PowerPoint Designer" give any indication that your slide contents data will be sent to MS.
Have you actually used the thing? Again, I'm an MS FTE and not privy to the internals, but it gives you _layouts_ with your local text filled in. It's a visual template suggestion engine, it doesn't _need_ your text to work.
> Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data.
Joking aside I think we are getting close, Photon did a lot to bridge with Windows in terms of gaming, GUI is often times at least on par with Windows/MacOS, if not better (obviously thats subjective), and reliability/performance has already been there for a while.
That being said, I still think theres more work to do, and arguably the hardest work is ahead.
Linux is on par with Windows kind of but not really. It's a little ghetto
For example, desktop environments are just wonky and buggy most the time, random games don't work, WINE is the worst piece of software on the planet, drivers suck, other random weird issues.
> For example, desktop environments are just wonky and buggy most the time, random games don't work, WINE is the worst piece of software on the planet, drivers suck, other random weird issues.
When was the last time you have tried linux? With exception of wine, which on its pure form is indeed annoying, nothing else is true. Gnome/KDE/Cinnamon are just fine (not my cup of tea but far from buggy/wonky). I have no problem gaming even on i3. For driver on many distro you can check a box to install the proprietary Nvidia driver.
You can use lutris to easy the pain of wine, and if you use proton on steam you are just have to click install like windows. You can check here the compatibility:
Also let's not pretend that windows is walk in the park. I have had my share of problems with drives/games not working on windows as well. That is just the nature of trying to run games on PC. It ain't never gonna be as easy as on consoles.
> desktop environments are just wonky and buggy most the time
Of course it depends on the DE ou're using, but I'd encourage you to give it another shot. This was certainly the case at one time, but I tried Fedora earlier this year and was shocked by how stable the UX is. Not even in the "wow, this is nowhere near as buggy as it used to be" way. I can't speak for all distros, and I do know some which are less than perfect, but Fedora at least was certainly an eye-opener.
> random games don't work, WINE is the worst piece of software on the planet, drivers suck
I get why you, as the end user, wouldn't care about excuses, but to be fair none of these are entirely the fault of linux because they're trying to get things to work that the original developer didn't intend to run on linux.
It'd be like blaming Microsoft for MacOS apps not working on Windows, or visa versa. Again, as the end user thats not really your problem, if you need to run a piece of software and the OS doesn't run it, it doesn't really matter why, but I don't think this is an example of buggy software on the side of linux devs.
It's true though. The Steam Deck is amazing, most games just work.
I agree that the GUI part is subjective. I find even the jankiest of Linux DEs to be better than Windows 10 and 11. I still find macOS quite superior, and the one area where this is not going to change any time soon is the cohesion of UI/UX between different apps and the OS.
Performance is unbeatable on Linux. Reliability depends a lot on the hardware and distro. This fragmentation makes it less approachable "on the desktop".
Glad you mentioned fragmentation, I couldn't think of the word for it and decided it best not start describing it, or you start getting into things like whether or not the distro-specific package manager is truly the best way of handling things (not saying its not), which in many eyes is heresy to even bring up.
Cohesion is without a doubt better on MacOS, though again linux is getting closer. A small thing I wish I didn't notice as much as I did is the "top bar" on not-so-well built electron apps. Apps like VSCode and Electron handle this really well, but others don't (Simplenote is the only one that comes to mind). On Windows, this results in a really very striking white top bar, fine if you use a light theme, not so much for dark theme. On linux, or at least gnome, the top bar (whilst being a bit too big for my liking) much more seamlessly integrates with the rest of the OS.
quite the opposite. the next era will be online-only SaaS apps accessed via rented thin clients tied to your real identity.
and your dangerous general purpose legacy hardware will not save you from that, as it will be impossible to access the internet with a device that doesn't disclose your identity. to combat disinformation and hate speech, of course.
Happened the other day on HN. "Imagine we could use this to stream movies to astronauts on their way to Mars" / "well... you know local storage is a thing, right?".
I don't have a link to that exchange handy, but this for the first time drove home to me the realization that we have a whole generation of people brought up on Internet streaming services, who may not even realize that it's not only possible for the media to be stored locally on their machines, but it's in fact the natural state for data.
I think i've finally reached that point where the latest trend just doesn't make sense to me. In this day and age of ever increasing connectivity and bandwidth offline first web applications just don't make sense. Take an offline-first app running in your browser and then cover the address bar and buttons with a sheet of paper, now you have an Electron app. Why not just use Electron if a desktop/unconnected webapp is what you want to do? Actually, i suppose if the front-end guys just wanted to get rid of the back-end guys then an offline first trend would be a way to further that along haha.
This is a one paragraph claim that doesn't provide resources to show that their claim has basis. It could very well be entirely accurate, but there's no information contained here to know one way or the other.
For example there have been numerous claims made previously that link ANY network traffic to a supposed invasion of privacy, but once you delve into the underlying traffic it isn't nearly as nefarious as it initially seemed.
This article is telling you to "open up the network monitor of your choice" but network traffic and CONTENT are apples Vs. oranges, and yet we're meant to draw conclusions from that? We're meant to know Microsoft are taking your slide's content whole-hog? Isn't that yet to be determined?
Yes. OP's post doesn't present any evidence that those packets being sent actually contain your personal data. Show us some data from an actual packet or GTFO.
This doesn't bother me too much (but it would if I worked at a different company - I'd have concerns over company secrets). It's the browsing history which is by default sent to GOOG/MSFT which bugs me. On by default, and I'd swear I've seen it get reset on Chrome.
Chrome:
Settings > Sync and Google Services > Make searches and browsing better
Edge:
Settings > Privacy, Search and services > Personalize your web experience
I've raised this point repeatedly in different orgs. It's met with some combination of indifference and lack of understanding and not-my-responsibility-ism, but I'm sure that this will eventually blow up hard in some company's face - like 9-digit settlement for breach of contract, or worse things like breach of export control laws.
Enterprise data security on the "MS Office level" at this point is like driving 60 mph on a road with no lane dividers. You just pray that you never meet a drunk driver or someone texting in oncoming traffic who suddenly swerves into your lane. You pray that none of your employees click the wrong button and bankrupt the company.
Did you read the article? I find your jaded sense of cynicism to be different than critical thought. I don't see any proof in the article posted about its claims. It's just very easy to get jaded, cynical people to support the right headlines on social media. Hacker News, be better.
Powerpoint is the raison d'etre of an entire class of middling bureaucrats. They'll fight tooth and nail to protect their turf and preserve their role in society.
Yeah. The HIPAA data needs to be encrypted and you have to report everyone who has access and you need patient permission to share. HIPAA is bad, but ITAR violations put you in jail!
Wouldn't it be easier to ban putting HIPAA protected information into a PowerPoint? We don't ban telephones just because an employee can read patient records over the phone.
Of course putting ePHI in PowerPoint presentations should be against policy. The thing is, when it does happen, it's almost always inadvertent. Unfortunately, the "oops, my bad" defense isn't valid against violations of the HIPAA privacy rule.
Doctors routinely need to present cases to each other. It often involves pictures of the patient and other identifying information that is essential to describe the case in detail. They need some way to do this.
Any healthcare institution is going to have a Business Associate Agreement[1] with Microsoft. OneDrive is one of the allowed/suggested ways to transmit PHI where I work.
HIPAA is prescriptive, not descriptive. It does not lay out specific standards to reach. Only overly vague and broad guidelines. Because of this the industry has more or less developed its own best practices that should be good enough.
What this means is that healthcare providers have annual audits performed by third parties who check compliance with these "best practices" which may or may not have any relation to what the lawmakers intended. Its ultimately about checking boxes. yada yada security is hard. You can't write a law that describes a security posture and expect to be relevant for more than a year at most.
I can't believe how many companies in general are leaking massive amounts of sensitive data to Microsoft. With Outlook alone MS much have an incredible amount of data on nearly every business and an unprecedented amount of insight into what they are doing.
Windows 10 has only made the problem worse. The last desktop PC I got from my company's IT department had windows 10 on it and it was configured to send every last keypress to MS. Why they had the Windows 10 keylogger enabled I'll never understand, but at least it was easy enough to disable.
the bar to drive in Germany is significantly higher than in the united states. Requirements for getting a drivers license in America is ridiculously lenient because the American lifestyle is completely car centric. taking someone's license away is tantamount to sentencing someone to poverty.
The Autobahn has a recommended speed of 130 km/h. OP was talking about Landstraßen having a speed limit of 100 km/h. The two are very different kinds of roads. The Autobahn does have concrete dividers and hard shoulders for example. It also has a much more predictable design compared to a Landstraße.
Depends. In Germany we try to set the speed limit at the speed you should be driving in clear and dry (or slightly wet) conditions. In Sweden in the other hand I've seen roads where no sane person should be going the posted speed limit
"Unless I’m misunderstanding and lane dividers mean the printed lines."
Well, we also have plenty of really narrow roads on the countryside, with no lane divider, no printed lines and - no speed limit, where you could do 100 km/h, as well.
(And well, some people do, but if you crash, it would be also legally your fault, for not having the adequate speed, even if there is no formal speed limit. Which is a nice counterexample to the usual, everything is forbidden unless it is explicitely allowed mentality)
There are a lot of roads in the US with a 55MPH speed limit and no lane dividers. In many states, all rural roads with no posted speed-limit have an assumed speed limit of 55MPH. People drive 60 on such roads all the time.
Largely true, but worth noting that each state has its own speed limit. Vermont, for instance, sets the state non-highway speed limit at 50MPH, so you'll almost never find 55MPH undivided roads in that state. Colorado, on the other hand, has undivided roads with 65MPH speed limits. Much of the Midwest and the East Coast tend to set their limits at 55MPH, though.
Yeah, my point is not that such roads don't exist, they are relatively common, as you say.
My point is that your only "defense" against oncoming drivers on such roads is to pray that they stay in their own lane. This mostly works because people are mostly sober and undistracted and not malicious. It is kind of terrifying when you start to think about it.
Not so funny considering that more than half of fatal car accidents in Germany happen on exactly those streets (744 in 2021). Followed by Bundesstraßen (606 in 2021), which only sometimes have dividers and are usually limited to 100 km/h as well.
In compare, on the Autobahn, which always has dividers but often has no speed limit at all and is not below 100 km/h under normal circumstances there were "only" 318 deaths.
It's worth pointing out that Landstraßen often have trees next to them for cosmetic and "noise reduction" purposes (the latter has no significant effect, although many people believe in it). They are also not necessarily illuminated and can have crossings or sharp turns in addition to nearby wildlife and houses.
In many cases the roads are also used by cyclists or agricultural vehicles which many drivers feel compelled to overtake, which can be dangerous because of limited vision and the need to switch onto a lane that may contain oncoming traffic.
Compared to the Autobahn, Landstraßen are chaotic and often dangerous, not just for the people driving on it.
Does comparing raw number of deaths here make sense without taking into account the total distance travelled / time spent per person on these different kinds of roads? Not to mention other factors like e.g. how tired/inebriated/distracted the average person using these roads is, which is unlikely to be the same for short distance and long distance travel.
Also 744 < 606 + 318 so it doesn't even seem to be "more than half" even with some road types missing.
After the issues with Github Copilot and copyrighted code, my mind is drawn towards similar inadvertent leaking of proprietary information via a model trained on that information.
+1 for the export control stuff, even if I think it might be worse for MS than for the actual customer. At least I hope...
Edit: As was pointed out elsewhere, the phoning home stuff can be turned off at org level. So MS will not be affected by any fallout of potential export control violations.
The entire Department of Defense runs on PowerPoint, along with all of their contractors. It is not at all uncommon to produce slide decks that are either classified or covered by ITAR; this is a disaster waiting to happen.
No. DOD/Gov projects can be hosted in completely secure locations, and Azure for Government follows all the required standards. Office365/Sharepoint supports FedRAMP High. Most agencies are in the process of finishing migrations so that both their desktop and online apps use the same data in secure cloud installations.
Sometimes classified leaks onto unclassified networks via human mistake, coincidence, or ignorance. I've literally seen classified PowerPoint slides marked unclassified due to ignorance. This situation requires security to confiscate all machines the data may have leaked to.
Oh, I've absolutely seen similar, and I don't doubt it's extremely commonplace.
But Microsoft generally supports policies for enforced disabling features like the one referenced in the post. Similarly, data exfiltration from managed to non-managed devices is an entire cottage industry. And generally that's why govt employees are expected to use separate, locked down devices where their compliance-obsessed (hopefully, but not always in practice) admin has total root.
And I don't believe you're implying this, but certainly I don't think it makes sense for companies to _not_ build internet/cloud-connected experiences and features just because there's a possibility that govt officials won't follow their own security policies and best practices.
ITAR regulated information isn't only on the SIPR/High side.
From the perspective of Classified Data this SHOULD not be a problem, but I highlight the "SHOULD" because sometimes these barriers get crossed unintentionally. Mission briefings, etc. may accidentally leak info, and those are almost all PowerPoint.
For the ITAR data though, that's absolutely not only on isolated networks.
This kind of thing in particular should make banks' compliance departments more nervous than usual - Powerpoint is a really key tool for deal teams, and the behaviour is here might just be obscure enough to be missed by people tasked with stopping price-sensitive information slipping out the door.
I am surprised you believe the vast majority of power point users would be handling information that could even breach export laws, or that even the majority of users are making power points to present to people of other nations...
I bet that is less than .01% of all power points created in the world
Microsoft Office is, in general, straight up spyware now. It reports usage statistics back to your boss. Marietta can now see exactly how long YT's mom took to read that toilet paper memo, and make disciplinary decisions accordingly.
Obtaining user data should be a horrifying prospect for companies. They should obsessively work for alternative ways to not need it for their goals. And when they need it, to be ridiculously careful about it. (you could substitute "user data" for "application state" here)
But it's not because there aren't sufficient consequences. Memory leaks don't properly crash the company as they should.
I suspect you mean data leaks, in the context of your comment. But memory leaks should be a thing of the past also - they hint at the quality of the underlying code.
> Memory leaks don't properly crash the company as they should.
Typically, companies just worry about about liability leaks. Which they take seriously enough to dedicate a lot of lawyer time to plugging redundantly with innocuously vague disclosure wording, terms of service wording, difficult to find and inconvenient to use opt-out tools, etc.
I wonder what the NSA or any other of these three-letter agencies think about that, I can remember much of the leaked information consisting of Powerpoint slides.
One possible reason is that the actual data that's being sent is a lot less nefarious than is being implied.
I've seen people vehemently argue that merely checking if a new version is available amounts to horrible invasive unethical tracking. You might want to turn that off for the truly paranoid situations, and that's fair, but it's of course completely different than "sends all your data".
I don't have a Windows machine and I certainly don't have PowerPoint, so I can't actually check anything myself. But I see a lot of confirmation biasing going on in this thread, and I bet most people didn't check anything either. All I can give this article is a shrug.
"Telemetry" is not "sending the contents of your documents" (or at least, not necessarily so). This comment kind of demonstrates my point about the complete lack of nuance in these conversations.
And to reply to your reply:
> That’s exactly what telemetry is
The common understanding of telemetry is sending metadata about how people are using software. That is, things like "this button was clicked", "this feature was used", etc. That is my understanding of the word anyway.
Either way, this is a bit of a boring semantic discussion; my point is just that there is nuance to these things, and that this article doesn't really tell us anything concrete beyond "the network is used". Well, okay ... but for what, exactly? Because that does matter.
That’s what it meant a few years ago to me as well. But has expanded in practice. Yes this is too much focus on a single word.
The article states that text content is being sent, and that it makes sense according to the touted feature. Enough details given what we already know, though stingy.
More info would be useful to folks less familiar with the subject however the core issue here is somewhat old news.
> I've seen people vehemently argue that merely checking if a new version is available amounts to horrible invasive unethical tracking. You might want to turn that off for the truly paranoid situations, and that's fair, but it's of course completely different than "sends all your data".
Hahaha, I've been there. And in an open-source code base, no less! We were using a closed-source library to actually send the version data up to the telemetry service we were using, but the payload and how we were handing it to that library were clearly defined in our own source. We even had to request a correction to a major IT news outlet because they had some vague language about "and no one could possibly know what kind of telemetry $BigCorp is sending, and it can't even be disabled". Both were demonstrably false: the payload was visible in OSS, and we had a well-documented env variable that you could use to disable the version telemetry before you first start of the application (which was linked from the graphical installers as well).
In this case, I think the entire content payload is probably being sent up--if you've ever used this PowerPoint feature, it's clear that they're suggesting icons and themes based on the words in your slide--but there's a clear as day prompt explaining what's going on when you first enable the feature.
I'd _prefer_, of course, that Microsoft figure out how to bring the model onto the device so you _don't_ have to go off-box. Google managed to pull this off with the Now Playing feature on their newer Pixel devices[1]. But it is really hard, and I do somewhat understand the business aspect of "that's our secret sauce, we don't want to give it away".
What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, are blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).
Kind of like granular oauth permissions, apps should have to declare which outgoing they have, a description/why, and allow inspection of the actual traffic.
What Adobe CC, Google Chrome, MS Office, and macOS/Windows itself do with this background network connectivity is completely out of control and abusive to the user. They get away with it because the vast majority of users are non-technical and don't realize it's happening.
I've profiled and decrypted the background traffic on a stock Android install and the volume was also appalling. Getting macOS to 0 background traffic involved blackholing large Apple IP blocks at the router, whereas some of their processes use random IPs from these ranges and don't use DNS.
Just as the general public doesn't have the awareness or ability to fight for their privacy rights I doubt any of this will ever be remedied.
> with TLS/SSL inspection built in (you'd need some OS API to enable that).
I'm not sure of that. Provided you can add a cert to your OS, you should be able to get away with a piece of protocol downgrade network gear that you can then pipe to a different (ideally, offline other than UDP receive) computer for analysis.
You'd need to disable HSTS, but other than that I think it should be the solution you're looking for. Oh, and for good measure, ethernet cable instead of wifi.
You "just" need the key to the encrypted traffic. You don't have to change the handshake/negotiation, you just want a copy of the key so you can decrypt the traffic.
In TLS, the client authenticates server, then they both agree to use a key for the session; the OS can get a hold of this key (this is usually a bad move because then any captured traffic frames could be later decrypted).
I believe the Mac OS networking APIs go a little bit of the way there - in Lulu, an open source alternative to Little Snitch, the connection prompts tend to contain (and let you filter) by the URL visited (including the query after the domain name). This isn't done through TLS interception, but I believe it's through the network extension API on MacOS receiving the URL requested, as long as the request comes through the regular APIs.
It's a long time since I looked, but I think some apps (mainly ones not using native APIs) only showed the hostname, rather than full URL/API endpoint path.
This also didn't show you the content, or method type (POST vs GET), but to do that you'd really need to start doing proper SSL inspection as you suggested.
What indication is there that Microsoft wants to keep this traffic secret? The OP was able to detect and inspect this traffic with standard network monitoring software.
Since 2014 I don't trust my macs. There is no Apple computer without LS installed on in my company. Actually, if LS is not available, I will not use Apple computers at all. Period.
Not OP, but for me the answer to your question is: is a tool I need. I _could_ use Windows, and absolutely not Linux/BSD (for the programs/tools I need for work), and, frankly, I don't think Windows is better.
Yes, I know that's not completely true. I _could_ use Linux (I even used Solaris on a notebook for 2 years in the past and I survived) but the cost in terms of effort, lost productivity would be higher than I'm ready to pay. It's a rational choice.
It's complicated, but the 2013-2014 years were when the bulk of the Snowden leaks were hitting the internet, and people were starting to dig up really suspicious stuff relating to all big tech companies, not just Apple. However, Apple was still among the companies compliant with PRISM, the NSA's newly established surveillance/tracking effort that also roped in Microsoft, Google, AOL and any other major service provider you can think of.
The implications of this are unclear. I like blowing these claims out of proportion, but in reality we genuinely have no idea what this means. It could simply signal that Apple is complicit with benign cloud-storage security procedures enforced by the USA. It could also mean that the US has carte-blanche access to iCloud data and decryption keys. You're free to draw your own conclusions, but the surrounding context seems to imply that Apple has an under-the-table relationship with our government (as does most of the tech industry, surprise surprise).
Oh, and I don't really know/care if LS is harmful. You should be aware that it's not going to outsmart Apple if they want to collect your info, though. They have kernel-level networking access, which companies like Microsoft have abused in the past to collect telemetry on crafty users. It's probably not harmful, per-se, but your perception of it as an impassible wall might be.
LS is not the only solution that I use. But is a good start and limits the telemetry baked into the macOS significantly.
On my Debian installs, I use Open Snitch.
https://bit.ly/3t6VSCk
If worrying about closed-source threat models is something you spend a significant portion of your time doing, you shouldn't be using MacOS in the first place.
How do you know there are no outside efforts to log linux activities? There's a lot of source code to go through and is it possible there are callbacks even within OSS that most people are not aware of?
At least its possible _in principal_ and many people out there can at least look at the code even if you can't dig through yourself. With Windows or OSX you're just out of luck.
Well at least with open source, you CAN verify it. There are people and companies who do audit
You're replacing a big and unstoppable problem with a smaller one that can be mitigated
I don’t need to go through all the source code myself. The fact that Apple itself, for example, relies on Linux for most of its servers and has not raised any alarms about bits of Linux phoning home is a pretty powerful heuristic that it’s relatively safe.
Multiply that by all the multibillion dollar other companies, the tens of thousand open source focused smaller and large companies, the hobbyists, the enthusiasts, the CS professors, the CS undergrad and grad students, the PHD candidates who would be thrilled to discover a flaw on the basis of which they could write their thesis, etc. and I think one can have a fair degree of confidence.
There’s still a decent chance something would be missed. But it’s much smaller than the chance that the proprietary OS owners, whom we know for a fact phone home and have been trying to collect increasing amounts of data, are sending stuff we may not know about.
> The fact that Apple itself relies on Linux for most of its servers is a pretty powerful heuristic that Linux is relatively safe [paraphrased by me]
Many world-class companies depend on Windows, so does that mean you think Windows is safe?
An individual does not have the same access to custom tools, and teams of competent people, that ensure their usage of the Linux ecology is secure.
A recent example: I was investigating using CloudFlare Functions, because I think CloudFlare has world-class security and that “serverless” product avoids many security issues I might have with other solutions. Yet one setup step suggested piping in a script from curl to shell (commonly suggested for install steps!). Even worse, https://github.com/cloudflare/wrangler2 is their CLI tool to help development, and Wrangler is based on the node ecology, which is completely insecurable as an individual developer IMHO (trillion dollar companies can probably secure the dev environment). I use a VM to provide some sandboxing, but it still leaves me feeling icky.
Yeah, this is a strange take to me. Akin to catching the fox guarding your hen house eating the hens and reacting by having the fox install and monitor a security camera for the hen house. The problem is still the fox and he'll just turn the camera off when he wants the hens.
> What I want is Little Snitch on steroids built into the OS where every process, including all native ones, including UI apps, are blocked from network connectivity by default, and the user gets an easy monitor of outgoing traffic with TLS/SSL inspection built in (you'd need some OS API to enable that).
If you want to you can do that with Linux.
Sure you'd need to use the CLI, and a combination of tools but you can pinpoint every packet to an associated process and if you add your self made cert to trusted certs, then you can decrypt TLS as well in most cases.
Nah, you can't. The issue is the "easy monitor outgoing traffic with TLS/SSL" part.
It is not impossible but it is far from easy. If the application uses statically linked SSL client (as it should if it is commercially distributed) then you have to modify the application (for example in memory) to get a copy of everything that gets written to the SSL stream.
You know how you can do Ctrl+Shift+K in Firefox to open up the browser console and inspect all the bits of the page, see the code (and fuck with it), see all the network traffic, and so on? I dream of being able to do that for arbitrary applications. Imagine having a Super+Ctrl+Shift+K that opened an OS-level GUI showing all the pertinent details of the running program.
I believe the parent commenter is aware of that - they’re describing their wish for a tool that makes monitoring native application requests easy and transparent, similar to the experience of using browser devtools with web apps.
For this to work well, all your apps need to run with not being able to do their own TLS, but to various (reasonable) reasons a lot of applications today do their own TLS.
You also don't want to add self-signed certificates, but grab the traffic _before_ it gets encrypted IMHO.
In some cases it's still quite viable, like if they dynamic link to OpenSSL (or similar) you could create a facade which allows grabbing traffic.
But things get problematic when it's statically compiled in and not open source.
Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are send e.g. using libsodium statically compiled in.
While i partially agree, even DNS query/http headers (I'm not sure if that is encrypted with ssl?) Could be useful here. Told the software not to connect to cloud, still connects to cloud. Enough reason to complain.
> You also don't want to add self-signed certificates, but grab the traffic _before_ it gets encrypted IMHO.
that would be ideal but self signed + added to trusted store works
> Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are send e.g. using libsodium statically compiled in.
yeah youre right.
In other cases the only options we have are ld_preload to catch encryption lib. If that doesnt work we can still use ptrace to capture syscalls but encryption will be done in userspace so capturing network activity wont help us with encryption.
Like the other guy said, the info we can gather is still useful.
Reverse engineering + modyfing the binary is a possibility too but it gets complicated fast, especially if they intentionally try to protect it. I feel this isnt really an issue with jvm or interpreted langauges but with the others its hard especially if theyre statically linked. C/C++ have good enough decompilers that its still possible, I don't know about Go/Rust tho.
> Keep in mind, simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall.
> It works over Windows Filtering Platform (WFP) which is a set of API and system services that provide a platform for creating network filtering applications. Windows Filtering Platform is a development technology and not a firewall itself, but simplewall is the tool that uses this technology.
Even if it was a wrapper over Windows Firewall, why would that make you trust the filtering less? Like even if it was running fully custom ring 0 code, there's still also Windows kernel code running at the same level. Microsoft could make the kernel interfere however they want.
Like how MS ignored the hosts file if you tried to use it to block windows update. Ultimately MS has final say on what you're allowed to do on windows and they can force updates that disable or enable any kind of behavior they want. It's their system.
If you don't trust MS, don't use windows or at least never ever let connect to the internet. In a fight between you wanting to keep your privacy and an OS designed and determined to exploit you for profit, you will always lose.
I'm to the point of getting a separate hardware firewall and putting that between my computer and home network. But when you do that, you won't be able to tie activity back to an application... maybe the new nextgen firewalls can if you install some sort of agent on the computer? Idk....
I briefly experimented with using such an agent to communicate with a separate hardware firewall and found it was not worth the effort for myself and a better solution was just sandboxing anything I don't trust in a VM, since escaping a VM is harder than compromising the local agent to mask the traffic as coming from something else.
I'm using malwarebytes windows firewall control and it does block itself. I'm constantly dealing with Windows 10 crying over defender not being able to update itself and popups that I may have a virus that is blocking defender from calling home.
On Linux there is OpenSnitch that does its job nicely, although I experienced some occasional desktop slowdowns even after training it to open everything for trusted programs.
I still recall the old days of Windows when I tried Kerio Personal Firewall and realized how much software already phoned home two decades ago. That was the last wake up call that pushed me into getting rid of closed source software, possibly also hardware, especially when they connect to the internet.
I second OpenSnitch, I haven't face any shutdowns due to it yet. For those coming from LittleSnitch on macOS might have to look into the finer details of the connection in the Allow/Deny dialog on OS to get the best results.
Slowdowns, not shutdowns, luckily:)
The desktop (XFCE under Debian if that helps) just hung for a while like it was waiting for me to allow some rules, but didn't show the requester to do so, also the timings were random, could have been from 2 seconds to 5 or more.
From what I understand opensnitch use ebpf to match where the exiting packets are going. TCP being TCP, it is easy to know where the incoming answer will be delivered to as well.
Not sure if this would work also for connectionless protocols such as UDP.
That is, if I open a socket and send some datagrams to an external address:port to exfiltrate users data, then close the socket and exit, I don't think it would be able to tell which program did that, unless it detects it live.
Probably the closest thing these days is to use the cgroup match extension, together with something that makes sure separate apps are moved to their own cgroup. But that cgroup would be under a separate parent cgroup for each user so it's not ideal.
I expect NFQUEUE or some EBPF magic is a better way to do things - you don't want to be constantly adding/removing per-process iptables rules.
The owner module can control outbound communication by uid/gid. [1] There are no modules to handle things by PID AFAIK. This can however be accomplished by SELinux and Apparmor custom rules but that is a loaded topic.
Firejail [2] and Bubblewrap [3] can put limits on application capabilities and/or take away network access. Firejail has default policies for many applications, all of which can be overridden by user configurations in their home directory. Firejail leverages Linux Capabilities and AppArmor. For example, when I launch VLC even if it were configured to pull down album information, it could not. If one day they added default-enabled telemetry to VLC it would go nowhere.
A round-about and heavy handed way to manage communications by PID would be to isolation applications in their own VM or container and map the VM or container to a unique user or group.
OoenSnitch can, but it's not implemented O:) (only as a PoC)
But does it have any sense?
Usually you block inbound connections, allowing only certain services. If a rogue process starts listening on a local port, you could display a warning alert, and as inbound connections are already blocked you'd be safe (as long as you trust netfilter...) and you wouldn't need to ask the user to perform an action.
The slowdowns are because it still has to hold every connection until it can check which program it is coming from and whether that program is trusted or not, even when the same program creates multiple connections.
To get around the slowdowns, I made an alternative program called picosnitch which only monitors connections since I just stop using anything I don't trust or move it to a sandbox. It also uses BPF, has fairly low CPU usage, and some other features for improved reliability and detection of programs.
I believe, even if I have not tried yet to do this, that you can do this in Linux if you create one or more virtual network interfaces in some namespaces, and you ensure that only that interface or those interfaces get IP addresses.
Then any program that is not run inside the namespace with configured virtual network interfaces can see only unconfigured interfaces, so it will not be able to open and connect sockets.
The Internet browser and any other program that needs network access, e.g. a NTP server, DHCP client, e-mail client etc., can be run inside the namespace with an IP-configured network interface.
The same could be done in FreeBSD by using a jail for the programs that need network access.
Obviously, this would not be enough to prevent network access for a program that would be aware of this configuration and would try to circumvent it, because such a program could list the network namespaces and try to execute itself, or another helping program, inside the network namespace. For complete isolation, all the programs for which network access is not desired would have to be executed inside a distinct namespace. That requires a more complex configuration.
I was just thinking about this- pair that with a iPad that sits on refrigerator and shows your grocery list and family calendar. Then it blocks your smart tv from sending data out and allows family to keep organized. Does 3 things very well and that’s it
We could go to our EU representatives and ask for them to make it mandatory. Though I suspect it'll go down the same way as the GDPR, at least at first.
We really just need a clarification/ruling that ANY telemetry is not essential to providing a service and thus requires informed consent before it can be collected and consent cannote be required to use the service. And then enforcement against all these applications.
I don't think adding technical layers to block these data leaks is going to work long term.
> Kind of like granular oauth permissions, apps should have to declare which outgoing they have,
Just like PayPal. There's a table you can bring up that lists everyone you ever engaged with on paypal for recurring pricing, and deactivate them.
I've wanted exactly what you describe for years. Little Snitch taught me that there's just too much data that isn't organized properly. Even if you get down to the app level (like PowerPoint), it is still transceiving a lot of data. How do you tell what is necessary and what is dubious telemetry?
Why not just disable the network interface and see what stops working.
Why not set the Windows computer's gateway to a computer that the user can properly control, i.e., do not give the Windows computer direct access to the internet.
Windows is an OS that was created before the public had access to the internet.
It worked just fine "offline", i.e., connected to a LAN but not an internet.
Same for the Mac.
To be honest, I cannot think of many PowerPoints that needed internet access, at least not in the fields I have worked in.
Obviously, "tech" companies want personal computers to be online for every waking moment of their owner's day. Neverthless it is in fact possible to "block", i.e., not assent to, much of this outgoing transfer of personal data/metadata to "tech" companies at the user's expense. I have been doing it for over 20 years. With few exceptions, I inspect all HTTPS traffic that I allow over the networks I control. The "tech" companies gathering this data do not pay for the user's internet or cellular service. The user covers the cost of the data transfer.
Change begins with the people who know how to make it. For example, it is not difficult to stop PowerPoint from phoning home. Why go along with it. But when those with the requisite knowledge year after year make statements on HN how it is futile to thwart any personal data mining because it is not 100% "perfect" solution,^1 I have been seeing these comments on HN for many years, then it is arguable this becomes a self-fulfilling prophecy.
The "majority of people", "general public", etc., do not know they have a choice. They will use whatever is presented to them. What happens when those who do know there is a choice go along with what "tech" companies present to them. They are in no position to blame "the majority".
Certainly, those working at or investing in "tech" companies would welcome a lax attitude toward avoiding data collection. "Nothing is going to change because no one cares." Tell that to Zuckerberg after Apple prsented its customers with the means to "block" some of Facebook's data collection.
I guess since we all use MS mostly for business purposes we don't care so much about privacy. It's something our managers sign off on, in the name of security, features and really nice value for money. But oh boy, do they know a lot about us and our businesses. I mean, my office apps have "LinkedIn services" on by default [0], so they are linking all the things to all the things.
The future of personal computing is really dark these days. I just attended an apple event for education and government. The amount of data tracking and the standardization/normalization of this behavior is dystopian.
What happened to computers being just fun and a source of exploration and freedom?
Microsoft, Gooogle, Apple all constantly push their cloud based accounts … where everything is tracked.
On the other hand, Atlassian’s stock lost 66% of its value, and it could be because investors notice that converting people to the Cloud is not currently working.
Atlassian should have better bet on their Server solutions, but they really really wanted to be a cloud operator. “For strategic reasons.” Maybe for governmental reasons, who knows.
> it could be because investors notice that converting people to the Cloud is not currently working
Given the barn storming financial performance of other cloud operators and Atlassian's impressive record in (un)reliability, I think investors are quite aware that converting people to the cloud is going swimmingly most places that aren't Atlassian.
It's a contentious issue in AppSec where most vendors want you to upload source code to their cloud for anything other than the most basic of scans. There are SLAs for how long the vendors can retain the source code they scan, but many clients are not aware of how much of these scans are performed manually behind the scenes by humans and how few of the vendors have their compliance audited. The possibility of a vendor failing to properly secure your source code is risky enough on its own, but it being accompanied by detailed reports of the security vulnerabilities in the code should cause some hair to stand on end.
> It's a contentious issue in AppSec where most vendors want you to upload source code to their cloud for anything other than the most basic of scans.
Write the source code in some Assembler language (or even binary code ;-) ). Or use some obscure programming language that the vendor cannot scan, thus having a reason not to upload it.
In case you weren't being tongue in cheek, the purpose of the scan is to find security vulnerabilities so they can be rectified. If the scan cannot understand the code, it can't find the vulns that need remediation. Unfortunately, you don't even need to pick an obscure language. Almost all vendors of SAST products are chronically behind schedule on supporting the latest versions of languages and frameworks, and some of the biggest names have significant gaps in which commonly used languages they support.
> What happened to computers being just fun and a source of exploration and freedom?
Having this experience isn't any harder than it was in the old days, it's just that there are so many more people participating in computing in some form that it's harder to find the people who truly own their computing experience.
The companies that made "personal computing" easy enough for the masses want to profit off of that, and they've settled on strip mining data and robbing user control as the best way to make money. This leaves their mass-marketed version of "personal computing" a hollow shell of the original, but it doesn't remove the original.
You can still install a privacy-friendly Linux or BSD with only FOSS software. You can still self-host your data and retain full control and privacy. What you can't do is benefit from the ease of use that mass-market computing provides while still retaining full individual control.
That was never a thing. It was always an illusion for the advancement of artificial intelligence.
Why do you think they are going so hard on the Semantic Web shit? It's not for the disabled - it's for the blind, deaf and dumb AI that needs the entire content of the web to train on.
Friendly reminder that Apple shares their iCloud data (users' docs, pictures, messages, etc.) with the Chinese government in exchange for market access:
I think it's worth clarifying that this is just Chinese users, though that was probably clear to most. The Chinese and rest-of-the-world iClouds are completely separate.
It's very comforting to know that they treat the data of their Chinese users with such respect. For a company that insists on privacy being a human right, they sure do seem to have a flexible definition of human!
Is there any way to tell if your company has opted in? Mine makes a huge show of classifying Office documents and barking about the policies of what can be shown to outside people. It would be hilarious to find out that they've done this, and are letting Microsoft slurp up all the stuff that would get us fired if we sent it to an outside email address.
When I click "Design Ideas" (rightmost icon in Home ribbon), I get a prompt that says "This experience is unavailable. Your organization's admin has turned off the service required to use this experience."
This is despite both the Privacy -> "Turn on Optional connected experiences" and
"Automatically show me design ideas" options being modifiable by me (and give the same results whether enabled or not), so I guess the Group Policy options are more fine grained.
In options (under General), I see there's a tick box for the feature, and it is checked. I have a button that says "Designer," and it seems to work. Nice! Next time someone in IT tells me something as moronic as "all web application authentication code must be written in C," or that "SAML authentication happens by adding a key to the HTTP header," -- both of which have actually happened -- I'll have a nice redirection to share.
This.
I've installed Linux+LO for years to a lot of people (also a couple times when it was in the earlier StarOffice incarnation, can't recall if under Windows or OS/2, certainly not Linux), being extremely clear on one thing: "this is not Microsoft Office, it's not as powerful as Microsoft Office and you may find some incompatibilities here and there (that was true especially during the old times), but the features 99% of users need are all here. Keep it for a while, and if it doesn't work for you, I'll install your Microsoft Office back for free and you lose nothing".
It was a success almost everywhere, but it's extremely important for "normal" users to be comfortable with the different tool; remember that we value privacy, Open Source, etc. they don't. If something that they don't perceive as important requires a change in their workflow, they'll refuse that, so I don't even talk them about different file formats and just set it up to read/write in MS Office formats from scratch.
> but the features 99% of users need are all here.
I cannot believe this, in particular for the comparison Excel vs. LibreOfice Calc: the latter is used insanely actively in the finance and insurance industries, thus any proper user sampling should bias towards these industries. On the other hand: users in these industries know Excel really well and use very advanced features of it.
That is true, but let's not forget that the userbase that needs only basic spreadsheet functions or simply a tool for writing text documents is vastly superior. One of my accountants used StarOffice like 20 years ago, and I recently serviced a business consultant office in which all machines had OpenOffice (installed before the LibreOffice split). Excel is for sure a monster feature-wise, but outside of certain niches the need of all those features is really low, then again many Office users didn't even know about its existence since all they need is to read and write text documents.
I have performed logistic regression in Calc, by using the Solver feature to find coefficients, after multiplying the input with them, passing the output to a sigmoid, and computing the mean squared error.
I suspect anything more advanced than this would be better worth implementing as a script, rather than using Excel.
The main arguments for Excel, that I suspect, would be better collaboration features (like comments and sharing and such), and better integration with other MS tools (Outlook etc.).
But even then, perhaps a script or Jupyter Notebook would be easier to work with (for diffs and version control that are not vendor-locked).
>
The main arguments for Excel, that I suspect, would be better collaboration features (like comments and sharing and such), and better integration with other MS tools (Outlook etc.).
No, the main argument why Excel is used in the finance and insurance industries is that many users know Excel really well.
I used libre office for years, but I switched for 2 reasons.
1: the export to docx had problems, and most publications require your submissions to be in docx format;
2: it gets laggy with large documents. This lag becomes distracting when writing novels. Seems to start around page 20-50 and gets worse and worse as you go.
I wish I had better alternatives to suggest.
I wish that publishers would stop demanding we submit our files in docx format.
To be fair I haven't used Writer much. I've used Calc a lot.
LO Writer can export to PDF when you need to preserve formatting. But if it needs to also be editable, I guess ODT is the only way. Maybe in light of the recent events you can convince your publishers.
About performance, you might want to give AbiWord a try also.
I hadn't noticed LibreOffice lags any worse than MS-office. But, if you haven't tried, for anything bigger than a chapter or so, do yourself a favour and try a "proper" typesetting system - LaTeX, SILE, or the like.
There will be a learning curve but I find my attention stays on the content, as I'm not continually distracted by the format issues that are better delayed until the text is complete.
You'll want a reasonable text editor with spell checker, preferably one that knows to ignore formatting commands. Note you will end up with PDF output - if you really have to submit docx, my condolences!
Big presentations at conferences may involve designers but there are surely many internal meetings at many levels that have a lot of PowerPoint and no designers.
About ten years ago, I worked at a company where we were prohibited from using any Microsoft products at all — in the name of security.
When I tell Windows-centric tech people that these days, they can't wrap their brains around it. There is no institutional memory of Microsoft's dumpster fire days.
390 comments
[ 2.2 ms ] story [ 1045 ms ] threadThis is like the firewall in windows 95: nice but useless.
GDPR technically does have real teeth, to the extent that one really shouldn't want to raise the ire of an EU Data Protection Authority. Unfortunately, enforcement to date, and the resulting fines, have been lackluster at best. When will people learn that disincentives like fines and such have to actually hurt to be effective in changing the behavior of corporations?
No, most companies don't get a massive fine in the first round, but I already see enough have gotten then that even Google now allows me to opt out with a single click :-}
That seems the salient issue today with regards to children and social media. Most of the giant social media companies profit from participants who cannot legally enrol.
But Dogbert's comment actually deserves a bit more than "try using common sense instead of set theory" :)
I tried thinking of classes of adults who lack capacity, other than the mentally unfit, senile or criminally insane.
There's a lot of young people who are "deemed to consent" (the passive weasel-words of filthy scoundrels) in higher education. I've written about Turnitin in the Times and the "very dodgy circumstances" in which students are inducted into university and then find themselves coerced into tacit agreement to use tools which massively violate their privacy and other rights. The same applies to Microsoft products where institutions block choice and force students use insecure products that they would refuse if exercising their better judgement.
Even if you think Microsoft doesn't have kill switches, it still isn't obligated to do business with them.
> The first time you try out Designer, it may ask your permission to get design ideas for you. If you want to use Designer, select Turn on.
https://support.microsoft.com/en-us/topic/53c77d7b-dc40-45c2...
I wonder when that is? Because I haven’t used PP yet, and it didn’t ask me. Of course, we use Office 365, and maybe my boss turned it on globally?
Does anyone know where the setting is?
If you’re on a work account, your admin may have enabled or disabled it already with GPO/MDM.
Yes.
> If you’re on a work account, your admin may have enabled or disabled it already with GPO/MDM.
It has to be a global Office 365 setting, my computer is not in the domain, I’m the only admin for it. That’s why I’m asking where the setting for the permission is, so I can have a look at it (I’m secondary admin for the O365 account) and potentially disable it.
It's part of "connected experiences" so this is the article on GPO: https://learn.microsoft.com/en-us/deployoffice/privacy/manag...
On a Mac, one thing to note is:
> If the user has an Office 365 (or Microsoft 365) subscription and is signed in with a work or school account, or if the user has Office LTSC Standard for Mac 2021 or Office Standard 2019 for Mac, then the user can't turn off connected experiences that analyze content.
And M365 is not a requirement because the Designer function clearly works on my machine.
Edit: Nvm, I think I am wrong.
https://www.investopedia.com/articles/investing/092616/how-i...
>Another way that insider trading can occur is if non-company employees—such as those from government regulators or accounting firms, law firms, or brokerages—gain material nonpublic information from their clients and use that information for their personal gain.
I'd suggest companies look into LanguageTool's "On-Premise" commercial offering or run the Java-based server themselves (with N-Grams). Is it as good as Grammarly? Nope, but it is "90%" as good and significantly more private.
---
[1]: https://support.google.com/a/answer/3407054?hl=en
0: https://workspace.google.com/learn-more/security/security-wh...
1: https://workspace.google.com/learn-more/security/security-wh...
Which it's not going to happen anytime soon, so PowerPoint can literally be a bomb inside their organizations they'll still insist in using it.
If these phone-home allegations are true it's one more case where you spend $50K in an hightech driveway gate but have no fence around the property.
I hope this submission is flagged and removed. Just because you don't like Microsoft doesn't mean such misrepresentation is okay.
This is a pretty huge exaggeration here. Closed rooms exists and are used when appropriate.
And just because something is enabled in the consumer version by default does not imply it's enabled and available in enterprise settings. Last time I dug through the office GPO templates - basically every phone home feature was easily disabled on an org level if desired.
Further - what do you think something like Google Slides is doing with your data? It's ALL stored on Google's servers by default.
I suppose it could/should be more obvious/explicit on the Designer pane itself, something like "This is an online feature that uses Microsoft's servers to generate recommendations", or a more user-friendly language.
Note however that the article is light on details; does it send a full content of slides? Some hash of text and images? A non-identifiable abstraction of layers involved? This could be done well or poorly.
(I don't think the submission should be flagged FWIW, but I agree that it's not of good enough quality to deserve great ranking; but that's of course subjective:)
Now, is it a glaring red pop-up? No. But IT department's can also choose to disable the feature if they don't want their company to use it.
https://support.microsoft.com/en-us/topic/53c77d7b-dc40-45c2...
Considering it has to be explicitly enabled and includes a privacy policy, I’m going to say it’s “blatantly obvious” to the user.
Can Microsoft use some other setting in Windows as justification for bypassing the permission step?
In short, I pretty strongly disagree. I think that if you had a hundred users look at that page or click through enabling the feature, and then asked afterwards how many of them thought that the feature was going to send their slides to Microsoft, at least 50 of them would be very surprised.
If to use the feature you are explicitly asked to turn it on, with an option to view a privacy policy, that is “blatantly obvious”. It isn’t hidden or buried under a dozen other settings when you install PowerPoint, it’s done at time of use.
How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site? Be realistic here; in terms of user consent this is perfectly fine.
I disagree.
> How, exactly, would you want it to be more obvious? A big red box every time the feature is mentioned in the help site?
Yes, more or less. I would be perfectly happy with a single red box at the top that says this feature sends the contents of your slide to Microsoft. I am not okay with linking to a privacy policy that nobody's going to read and pretending that that's informed consent.
As a user I'd like the ability to opt-in/out of this. I much prefer a privacy policy that captures all of it for the app. Otherwise, I have red boxes showing up non-stop using most apps. Can you imagine the sheer number of red boxes you'd get for Netflix the first few times you use it!
Of course it's impractical in today's environment, but I think we'd be in a much better place if we'd established early on the idea that a piece of software that massively violates your privacy (which is to say, all of them, nowadays) comes laden with a terrifying number of red boxes when you read its privacy policy.
[1] https://slidehunter.com/how-to-automatically-design-slides-w...
I don't know the wording for the dialog itself, so I will comment on this wording instead.
Asking permission to "get design ideas for you" is absolutely wrong. They are asking permission for the wrong thing. They should be asking permission to "collect content from your slides". They can then explain that the upside is that in return you get access to design ideas.
Depending on the context of the dialog an appropriate wording would be something along the lines of this: "In order to access design ideas, up-to-date slide contents need to be regularly sent to Microsoft servers. <Agree> <Cancel>".
edit:
- Would you like some chocolate sprinkles with that ice cream?
- Sure!
- Cool, <while sprinkling chocolate on your ice cream> it will cost $100 and your left kidney.
> get
We're not worried about get, but about send. Funny how they managed to omit the most worrisome term from their permission dialogue, huh?
This statement asks for permission to fetch data, not to upload my data.
Uploading data based on this statement is a blantant violation of customer expectations, so obvious you don't need to be neither a ux expert nor a lawyer to see it, you just need to read carefully.
We don't really know yet if your data/powerpoint content is sent to Microsoft, or if Powerpoint just goes out and looks for layouts, fonts, etc. without communicating any of your text.
If this claim was posted as a HN comment without citation or further explanation it would likely get flagged, why are submissions held to a LOWER standard?
I don't think we know the motivation of the submitter and we should not assume any motivation beyond introducing the link to the community to consider and discuss the content.
The article is very brief and seems to highlight that the designer suggestion needs to submit your slide content to make the suggestion. The question as to whether we consented suggests that we have (through the usual click through), but, to me, it is really asking something like 'do we understand the implications of our decision to consent?'.
I don't see anything being misrepresented nor do I infer there is some sort of anti-Microsoft (nor anti-anyone/anything) in the article. It does seem to suggest there is something for people to consider in that we often 'consent' without really thinking through the outcomes of what is supposed to be our willing, informed consent.
Too often we split into binary extremes when we should really take time to be thoughtful and considerate of questions being posed and where that consideration takes us and helps us to find insights and opportunities to improve ourselves. I encourage people to not automatically jump to our 'team position' (whatever that is).
I also believe it can be managed by policy.
MS FTE here, I have no direct awareness of how the feature works and am not affiiliated with Office - but I'm sad that something meant to _help_ people (if this raises hackles, I don't want to see what the OP says about the accessibility checks) is used to bludgeon my colleagues publicly.
- https://news.ycombinator.com/newsguidelines.html
I did. I guess the author didn't read the T&Cs.
Trying to call people out for not doing so or not understanding the technological reason why data is sent doesn't seem productive.
That being said, I still think theres more work to do, and arguably the hardest work is ahead.
For example, desktop environments are just wonky and buggy most the time, random games don't work, WINE is the worst piece of software on the planet, drivers suck, other random weird issues.
When was the last time you have tried linux? With exception of wine, which on its pure form is indeed annoying, nothing else is true. Gnome/KDE/Cinnamon are just fine (not my cup of tea but far from buggy/wonky). I have no problem gaming even on i3. For driver on many distro you can check a box to install the proprietary Nvidia driver.
You can use lutris to easy the pain of wine, and if you use proton on steam you are just have to click install like windows. You can check here the compatibility:
https://www.protondb.com/
Also let's not pretend that windows is walk in the park. I have had my share of problems with drives/games not working on windows as well. That is just the nature of trying to run games on PC. It ain't never gonna be as easy as on consoles.
Of course it depends on the DE ou're using, but I'd encourage you to give it another shot. This was certainly the case at one time, but I tried Fedora earlier this year and was shocked by how stable the UX is. Not even in the "wow, this is nowhere near as buggy as it used to be" way. I can't speak for all distros, and I do know some which are less than perfect, but Fedora at least was certainly an eye-opener.
> random games don't work, WINE is the worst piece of software on the planet, drivers suck
I get why you, as the end user, wouldn't care about excuses, but to be fair none of these are entirely the fault of linux because they're trying to get things to work that the original developer didn't intend to run on linux.
It'd be like blaming Microsoft for MacOS apps not working on Windows, or visa versa. Again, as the end user thats not really your problem, if you need to run a piece of software and the OS doesn't run it, it doesn't really matter why, but I don't think this is an example of buggy software on the side of linux devs.
It's true though. The Steam Deck is amazing, most games just work.
I agree that the GUI part is subjective. I find even the jankiest of Linux DEs to be better than Windows 10 and 11. I still find macOS quite superior, and the one area where this is not going to change any time soon is the cohesion of UI/UX between different apps and the OS.
Performance is unbeatable on Linux. Reliability depends a lot on the hardware and distro. This fragmentation makes it less approachable "on the desktop".
Cohesion is without a doubt better on MacOS, though again linux is getting closer. A small thing I wish I didn't notice as much as I did is the "top bar" on not-so-well built electron apps. Apps like VSCode and Electron handle this really well, but others don't (Simplenote is the only one that comes to mind). On Windows, this results in a really very striking white top bar, fine if you use a light theme, not so much for dark theme. On linux, or at least gnome, the top bar (whilst being a bit too big for my liking) much more seamlessly integrates with the rest of the OS.
and your dangerous general purpose legacy hardware will not save you from that, as it will be impossible to access the internet with a device that doesn't disclose your identity. to combat disinformation and hate speech, of course.
you vill ovn nothing, und you vill be happy.
and prove the software that's supposed to be running is running.
I don't have a link to that exchange handy, but this for the first time drove home to me the realization that we have a whole generation of people brought up on Internet streaming services, who may not even realize that it's not only possible for the media to be stored locally on their machines, but it's in fact the natural state for data.
For example there have been numerous claims made previously that link ANY network traffic to a supposed invasion of privacy, but once you delve into the underlying traffic it isn't nearly as nefarious as it initially seemed.
This article is telling you to "open up the network monitor of your choice" but network traffic and CONTENT are apples Vs. oranges, and yet we're meant to draw conclusions from that? We're meant to know Microsoft are taking your slide's content whole-hog? Isn't that yet to be determined?
That being said, I don't doubt that they do :)
The Microsoft website says it "analyses your data": https://learn.microsoft.com/en-us/deployoffice/privacy/conne...
Would it just be encoded and Wireshark could decode it out of the box?
Chrome:
Settings > Sync and Google Services > Make searches and browsing better
Edge:
Settings > Privacy, Search and services > Personalize your web experience
Enterprise data security on the "MS Office level" at this point is like driving 60 mph on a road with no lane dividers. You just pray that you never meet a drunk driver or someone texting in oncoming traffic who suddenly swerves into your lane. You pray that none of your employees click the wrong button and bankrupt the company.
I work in healthcare, and the legal department bars me from using Google Analytics for HIPAA reasons.
Meanwhile, IT made Chrome the only browser the employees are allowed to use on every Windows machine in the org.
[1] https://www.hhs.gov/hipaa/for-professionals/covered-entities...
I didn't capture and inspect the traffic myself, but https://support.office.com/client/53c77d7b-dc40-45c2-b684-81... makes the feature sound like it's built into M365 and not sending data to some centralized web service.
What this means is that healthcare providers have annual audits performed by third parties who check compliance with these "best practices" which may or may not have any relation to what the lawmakers intended. Its ultimately about checking boxes. yada yada security is hard. You can't write a law that describes a security posture and expect to be relevant for more than a year at most.
Windows 10 has only made the problem worse. The last desktop PC I got from my company's IT department had windows 10 on it and it was configured to send every last keypress to MS. Why they had the Windows 10 keylogger enabled I'll never understand, but at least it was easy enough to disable.
That’s somewhat funny, because a Landesstraße in Germany has no lane dividers and the speed limit is 100 km/h (about 60 mp/h).
Unless I’m misunderstanding and lane dividers mean the printed lines.
Also, only about 70% have no speed limit. https://en.wikipedia.org/wiki/Autobahn (ctrl+f "No speed limit" for a nice table)
Well, we also have plenty of really narrow roads on the countryside, with no lane divider, no printed lines and - no speed limit, where you could do 100 km/h, as well.
(And well, some people do, but if you crash, it would be also legally your fault, for not having the adequate speed, even if there is no formal speed limit. Which is a nice counterexample to the usual, everything is forbidden unless it is explicitely allowed mentality)
My point is that your only "defense" against oncoming drivers on such roads is to pray that they stay in their own lane. This mostly works because people are mostly sober and undistracted and not malicious. It is kind of terrifying when you start to think about it.
In compare, on the Autobahn, which always has dividers but often has no speed limit at all and is not below 100 km/h under normal circumstances there were "only" 318 deaths.
Source (German language, Federal Statistical Office): https://www-genesis.destatis.de/genesis/online?operation=abr...
I do wonder how many of those accidents are related to cars overtaking others.
In many cases the roads are also used by cyclists or agricultural vehicles which many drivers feel compelled to overtake, which can be dangerous because of limited vision and the need to switch onto a lane that may contain oncoming traffic.
Compared to the Autobahn, Landstraßen are chaotic and often dangerous, not just for the people driving on it.
Also 744 < 606 + 318 so it doesn't even seem to be "more than half" even with some road types missing.
Edit: As was pointed out elsewhere, the phoning home stuff can be turned off at org level. So MS will not be affected by any fallout of potential export control violations.
The entire Department of Defense runs on PowerPoint, along with all of their contractors. It is not at all uncommon to produce slide decks that are either classified or covered by ITAR; this is a disaster waiting to happen.
But Microsoft generally supports policies for enforced disabling features like the one referenced in the post. Similarly, data exfiltration from managed to non-managed devices is an entire cottage industry. And generally that's why govt employees are expected to use separate, locked down devices where their compliance-obsessed (hopefully, but not always in practice) admin has total root.
And I don't believe you're implying this, but certainly I don't think it makes sense for companies to _not_ build internet/cloud-connected experiences and features just because there's a possibility that govt officials won't follow their own security policies and best practices.
From the perspective of Classified Data this SHOULD not be a problem, but I highlight the "SHOULD" because sometimes these barriers get crossed unintentionally. Mission briefings, etc. may accidentally leak info, and those are almost all PowerPoint.
For the ITAR data though, that's absolutely not only on isolated networks.
I bet that is less than .01% of all power points created in the world
But it's not because there aren't sufficient consequences. Memory leaks don't properly crash the company as they should.
I suspect you mean data leaks, in the context of your comment. But memory leaks should be a thing of the past also - they hint at the quality of the underlying code.
Typically, companies just worry about about liability leaks. Which they take seriously enough to dedicate a lot of lawyer time to plugging redundantly with innocuously vague disclosure wording, terms of service wording, difficult to find and inconvenient to use opt-out tools, etc.
I've seen people vehemently argue that merely checking if a new version is available amounts to horrible invasive unethical tracking. You might want to turn that off for the truly paranoid situations, and that's fair, but it's of course completely different than "sends all your data".
I don't have a Windows machine and I certainly don't have PowerPoint, so I can't actually check anything myself. But I see a lot of confirmation biasing going on in this thread, and I bet most people didn't check anything either. All I can give this article is a shrug.
Producing more evidence is left as an exercise at this point.
Edit: no more posts allowed for me. Reply below:
That’s exactly what telemetry is, today. Grammarly built a whole business on this. Copilot, etc.
Refusing to believe that times have changed because you’ve not been paying attention, is not a compelling argument.
And to reply to your reply:
> That’s exactly what telemetry is
The common understanding of telemetry is sending metadata about how people are using software. That is, things like "this button was clicked", "this feature was used", etc. That is my understanding of the word anyway.
Either way, this is a bit of a boring semantic discussion; my point is just that there is nuance to these things, and that this article doesn't really tell us anything concrete beyond "the network is used". Well, okay ... but for what, exactly? Because that does matter.
The article states that text content is being sent, and that it makes sense according to the touted feature. Enough details given what we already know, though stingy.
More info would be useful to folks less familiar with the subject however the core issue here is somewhat old news.
Hahaha, I've been there. And in an open-source code base, no less! We were using a closed-source library to actually send the version data up to the telemetry service we were using, but the payload and how we were handing it to that library were clearly defined in our own source. We even had to request a correction to a major IT news outlet because they had some vague language about "and no one could possibly know what kind of telemetry $BigCorp is sending, and it can't even be disabled". Both were demonstrably false: the payload was visible in OSS, and we had a well-documented env variable that you could use to disable the version telemetry before you first start of the application (which was linked from the graphical installers as well).
In this case, I think the entire content payload is probably being sent up--if you've ever used this PowerPoint feature, it's clear that they're suggesting icons and themes based on the words in your slide--but there's a clear as day prompt explaining what's going on when you first enable the feature.
I'd _prefer_, of course, that Microsoft figure out how to bring the model onto the device so you _don't_ have to go off-box. Google managed to pull this off with the Now Playing feature on their newer Pixel devices[1]. But it is really hard, and I do somewhat understand the business aspect of "that's our secret sauce, we don't want to give it away".
[1] https://www.androidpolice.com/if-your-pixel-cant-tell-what-s...
Kind of like granular oauth permissions, apps should have to declare which outgoing they have, a description/why, and allow inspection of the actual traffic.
What Adobe CC, Google Chrome, MS Office, and macOS/Windows itself do with this background network connectivity is completely out of control and abusive to the user. They get away with it because the vast majority of users are non-technical and don't realize it's happening.
I've profiled and decrypted the background traffic on a stock Android install and the volume was also appalling. Getting macOS to 0 background traffic involved blackholing large Apple IP blocks at the router, whereas some of their processes use random IPs from these ranges and don't use DNS.
Just as the general public doesn't have the awareness or ability to fight for their privacy rights I doubt any of this will ever be remedied.
I'm not sure of that. Provided you can add a cert to your OS, you should be able to get away with a piece of protocol downgrade network gear that you can then pipe to a different (ideally, offline other than UDP receive) computer for analysis.
You'd need to disable HSTS, but other than that I think it should be the solution you're looking for. Oh, and for good measure, ethernet cable instead of wifi.
Of course for obvious reasons, few commercial apps would actually use this API unless they have some other incentive.
In TLS, the client authenticates server, then they both agree to use a key for the session; the OS can get a hold of this key (this is usually a bad move because then any captured traffic frames could be later decrypted).
It's a long time since I looked, but I think some apps (mainly ones not using native APIs) only showed the hostname, rather than full URL/API endpoint path.
This also didn't show you the content, or method type (POST vs GET), but to do that you'd really need to start doing proper SSL inspection as you suggested.
Microsoft's OS.
It would be asking Microsoft's OS to tell it about traffic Microsoft's software wants to keep secret.
I'm sure there's a world where that isn't a laugh line, but I certainly don't live there.
Yes, I know that's not completely true. I _could_ use Linux (I even used Solaris on a notebook for 2 years in the past and I survived) but the cost in terms of effort, lost productivity would be higher than I'm ready to pay. It's a rational choice.
Are you sure of this? Wine (or Proton for graphics stuff) is pretty good.
Also someone told me here that LS should be considered harmful.
The implications of this are unclear. I like blowing these claims out of proportion, but in reality we genuinely have no idea what this means. It could simply signal that Apple is complicit with benign cloud-storage security procedures enforced by the USA. It could also mean that the US has carte-blanche access to iCloud data and decryption keys. You're free to draw your own conclusions, but the surrounding context seems to imply that Apple has an under-the-table relationship with our government (as does most of the tech industry, surprise surprise).
Oh, and I don't really know/care if LS is harmful. You should be aware that it's not going to outsmart Apple if they want to collect your info, though. They have kernel-level networking access, which companies like Microsoft have abused in the past to collect telemetry on crafty users. It's probably not harmful, per-se, but your perception of it as an impassible wall might be.
To prevent standard data leaking or rather stealing like in this case, linux is a quite solid choice.
But if you think you are a high profile target, you should probably learn how to deactivate Intels ME and co.
And if you are really paranoid, you should assume that there are hardware backdoors. But what do you do then? Build your computer from scratch?
Multiply that by all the multibillion dollar other companies, the tens of thousand open source focused smaller and large companies, the hobbyists, the enthusiasts, the CS professors, the CS undergrad and grad students, the PHD candidates who would be thrilled to discover a flaw on the basis of which they could write their thesis, etc. and I think one can have a fair degree of confidence.
There’s still a decent chance something would be missed. But it’s much smaller than the chance that the proprietary OS owners, whom we know for a fact phone home and have been trying to collect increasing amounts of data, are sending stuff we may not know about.
Many world-class companies depend on Windows, so does that mean you think Windows is safe?
An individual does not have the same access to custom tools, and teams of competent people, that ensure their usage of the Linux ecology is secure.
A recent example: I was investigating using CloudFlare Functions, because I think CloudFlare has world-class security and that “serverless” product avoids many security issues I might have with other solutions. Yet one setup step suggested piping in a script from curl to shell (commonly suggested for install steps!). Even worse, https://github.com/cloudflare/wrangler2 is their CLI tool to help development, and Wrangler is based on the node ecology, which is completely insecurable as an individual developer IMHO (trillion dollar companies can probably secure the dev environment). I use a VM to provide some sandboxing, but it still leaves me feeling icky.
The real answer IMHO is to control your networking stack outside of your computer instead. Firewall that and you have way better security
You could add large amounts of text and see if the packets increase proportionally.
You can perhaps analyze which apps or extensions are sending packets.
This post doesn’t provide enough information of value
Batching very commonly obscures this kind of UI interaction reporting.
But yeah - whatever you are running on that box better be legit!
You may instead want to look at the bootstrapping work done using stage0, m2-planet, GNU Mes, etc.
https://bootstrapping.miraheze.org/wiki/Stage0
https://guix.gnu.org/manual/en/html_node/Reduced-Binary-Seed...
It starts with a hex monitor of less than 500 bytes and bootstraps all the way up to gcc, all from source.
... with a compiler you wrote yourself. In assem-- uh, in hexade... no. With toggle switches.
If you want to you can do that with Linux.
Sure you'd need to use the CLI, and a combination of tools but you can pinpoint every packet to an associated process and if you add your self made cert to trusted certs, then you can decrypt TLS as well in most cases.
It is not impossible but it is far from easy. If the application uses statically linked SSL client (as it should if it is commercially distributed) then you have to modify the application (for example in memory) to get a copy of everything that gets written to the SSL stream.
For this to work well, all your apps need to run with not being able to do their own TLS, but to various (reasonable) reasons a lot of applications today do their own TLS.
You also don't want to add self-signed certificates, but grab the traffic _before_ it gets encrypted IMHO.
In some cases it's still quite viable, like if they dynamic link to OpenSSL (or similar) you could create a facade which allows grabbing traffic.
But things get problematic when it's statically compiled in and not open source.
Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are send e.g. using libsodium statically compiled in.
that would be ideal but self signed + added to trusted store works
> Additionally there are quite a bunch of use-cases where the encryption is not TLS, like e.g. with some WebRTC applications it's not uncommon to have an encrypted channel we could access to a broker server but in that channel E2E encrypted messages are send e.g. using libsodium statically compiled in.
yeah youre right.
In other cases the only options we have are ld_preload to catch encryption lib. If that doesnt work we can still use ptrace to capture syscalls but encryption will be done in userspace so capturing network activity wont help us with encryption.
Like the other guy said, the info we can gather is still useful.
Reverse engineering + modyfing the binary is a possibility too but it gets complicated fast, especially if they intentionally try to protect it. I feel this isnt really an issue with jvm or interpreted langauges but with the others its hard especially if theyre statically linked. C/C++ have good enough decompilers that its still possible, I don't know about Go/Rust tho.
https://github.com/henrypp/simplewall
> Keep in mind, simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall.
> It works over Windows Filtering Platform (WFP) which is a set of API and system services that provide a platform for creating network filtering applications. Windows Filtering Platform is a development technology and not a firewall itself, but simplewall is the tool that uses this technology.
No:
"simplewall is not a control UI over Windows Firewall, and does not interact in any level with Windows Firewall"
If you don't trust MS, don't use windows or at least never ever let connect to the internet. In a fight between you wanting to keep your privacy and an OS designed and determined to exploit you for profit, you will always lose.
What if you didn’t use PowerPoint?
Seems much simpler.
Also, maybe the data makes PowerPoint good? Or better?
Alternatives to PowerPoint: won’t all of the viable ones be hosted on the web?
What do you want? You can install PowerPoint 97. No one is stopping you.
https://github.com/evilsocket/opensnitch
I still recall the old days of Windows when I tried Kerio Personal Firewall and realized how much software already phoned home two decades ago. That was the last wake up call that pushed me into getting rid of closed source software, possibly also hardware, especially when they connect to the internet.
But, I haven't noticed slowdown either; I wonder whether its because I always keep the OS window open?
https://linux.die.net/man/8/iptables
But was disappointed by the note:> NOTE: pid, sid and command matching are broken on SMP
That's a really outdated version of the man page. The current one is: https://ipset.netfilter.org/iptables-extensions.man.html
Probably the closest thing these days is to use the cgroup match extension, together with something that makes sure separate apps are moved to their own cgroup. But that cgroup would be under a separate parent cgroup for each user so it's not ideal.
I expect NFQUEUE or some EBPF magic is a better way to do things - you don't want to be constantly adding/removing per-process iptables rules.
The iptables rules can be converted directly to nft with iptables-translate and the syntax is more simple.
Firejail [2] and Bubblewrap [3] can put limits on application capabilities and/or take away network access. Firejail has default policies for many applications, all of which can be overridden by user configurations in their home directory. Firejail leverages Linux Capabilities and AppArmor. For example, when I launch VLC even if it were configured to pull down album information, it could not. If one day they added default-enabled telemetry to VLC it would go nowhere.
A round-about and heavy handed way to manage communications by PID would be to isolation applications in their own VM or container and map the VM or container to a unique user or group.
[1] - https://ipset.netfilter.org/iptables-extensions.man.html
[2] - https://github.com/netblue30/firejail
[3] - https://github.com/containers/bubblewrap
But does it have any sense? Usually you block inbound connections, allowing only certain services. If a rogue process starts listening on a local port, you could display a warning alert, and as inbound connections are already blocked you'd be safe (as long as you trust netfilter...) and you wouldn't need to ask the user to perform an action.
To get around the slowdowns, I made an alternative program called picosnitch which only monitors connections since I just stop using anything I don't trust or move it to a sandbox. It also uses BPF, has fairly low CPU usage, and some other features for improved reliability and detection of programs.
Then any program that is not run inside the namespace with configured virtual network interfaces can see only unconfigured interfaces, so it will not be able to open and connect sockets.
The Internet browser and any other program that needs network access, e.g. a NTP server, DHCP client, e-mail client etc., can be run inside the namespace with an IP-configured network interface.
The same could be done in FreeBSD by using a jail for the programs that need network access.
Obviously, this would not be enough to prevent network access for a program that would be aware of this configuration and would try to circumvent it, because such a program could list the network namespaces and try to execute itself, or another helping program, inside the network namespace. For complete isolation, all the programs for which network access is not desired would have to be executed inside a distinct namespace. That requires a more complex configuration.
(Lessons have already been learned of course)
I don't think adding technical layers to block these data leaks is going to work long term.
Portmaster 1.0 – Open-Source Network Monitor and Privacy Firewall https://news.ycombinator.com/item?id=33481518
Disclaimer: I'm the CTO.
Just like PayPal. There's a table you can bring up that lists everyone you ever engaged with on paypal for recurring pricing, and deactivate them.
I've wanted exactly what you describe for years. Little Snitch taught me that there's just too much data that isn't organized properly. Even if you get down to the app level (like PowerPoint), it is still transceiving a lot of data. How do you tell what is necessary and what is dubious telemetry?
Why not set the Windows computer's gateway to a computer that the user can properly control, i.e., do not give the Windows computer direct access to the internet.
Windows is an OS that was created before the public had access to the internet.
It worked just fine "offline", i.e., connected to a LAN but not an internet.
Same for the Mac.
To be honest, I cannot think of many PowerPoints that needed internet access, at least not in the fields I have worked in.
Obviously, "tech" companies want personal computers to be online for every waking moment of their owner's day. Neverthless it is in fact possible to "block", i.e., not assent to, much of this outgoing transfer of personal data/metadata to "tech" companies at the user's expense. I have been doing it for over 20 years. With few exceptions, I inspect all HTTPS traffic that I allow over the networks I control. The "tech" companies gathering this data do not pay for the user's internet or cellular service. The user covers the cost of the data transfer.
Change begins with the people who know how to make it. For example, it is not difficult to stop PowerPoint from phoning home. Why go along with it. But when those with the requisite knowledge year after year make statements on HN how it is futile to thwart any personal data mining because it is not 100% "perfect" solution,^1 I have been seeing these comments on HN for many years, then it is arguable this becomes a self-fulfilling prophecy.
The "majority of people", "general public", etc., do not know they have a choice. They will use whatever is presented to them. What happens when those who do know there is a choice go along with what "tech" companies present to them. They are in no position to blame "the majority".
Certainly, those working at or investing in "tech" companies would welcome a lax attitude toward avoiding data collection. "Nothing is going to change because no one cares." Tell that to Zuckerberg after Apple prsented its customers with the means to "block" some of Facebook's data collection.
https://www.cnbc.com/2022/02/02/facebook-says-apple-ios-priv...
1. All-or-nothing, black-and-white, binary style reasoning.
https://news.ycombinator.com/item?id=33481518
At some point phoning home was a sin for software. Sadly that changed, also because of the naivete of some developers.
I tend to just mitm said talkative devices and drop packets -- it is alarming the amount they want to phone home.
[0]: https://support.microsoft.com/en-us/office/linkedin-in-micro...
What happened to computers being just fun and a source of exploration and freedom?
Microsoft, Gooogle, Apple all constantly push their cloud based accounts … where everything is tracked.
Atlassian should have better bet on their Server solutions, but they really really wanted to be a cloud operator. “For strategic reasons.” Maybe for governmental reasons, who knows.
Given the barn storming financial performance of other cloud operators and Atlassian's impressive record in (un)reliability, I think investors are quite aware that converting people to the cloud is going swimmingly most places that aren't Atlassian.
Write the source code in some Assembler language (or even binary code ;-) ). Or use some obscure programming language that the vendor cannot scan, thus having a reason not to upload it.
Having this experience isn't any harder than it was in the old days, it's just that there are so many more people participating in computing in some form that it's harder to find the people who truly own their computing experience.
The companies that made "personal computing" easy enough for the masses want to profit off of that, and they've settled on strip mining data and robbing user control as the best way to make money. This leaves their mass-marketed version of "personal computing" a hollow shell of the original, but it doesn't remove the original.
You can still install a privacy-friendly Linux or BSD with only FOSS software. You can still self-host your data and retain full control and privacy. What you can't do is benefit from the ease of use that mass-market computing provides while still retaining full individual control.
Why do you think they are going so hard on the Semantic Web shit? It's not for the disabled - it's for the blind, deaf and dumb AI that needs the entire content of the web to train on.
https://www.nytimes.com/2021/05/17/technology/apple-china-ce...
https://www.apple.com/legal/privacy/law-enforcement-guidelin...
Apple shares with the CCP for all users by default.
Not that I really disagree. I wish more companies would refuse to do business under those kinds of conditions.
This is antithetical to Apple's privacy branding.
Looks like these instrucitons should help you check:
https://learn.microsoft.com/en-us/deployoffice/privacy/optio...
This is despite both the Privacy -> "Turn on Optional connected experiences" and "Automatically show me design ideas" options being modifiable by me (and give the same results whether enabled or not), so I guess the Group Policy options are more fine grained.
https://libreoffice.org/
It may be glitchy in some areas, but I've been using it since graduating high school, and I can do whatever I want with it.
I cannot believe this, in particular for the comparison Excel vs. LibreOfice Calc: the latter is used insanely actively in the finance and insurance industries, thus any proper user sampling should bias towards these industries. On the other hand: users in these industries know Excel really well and use very advanced features of it.
I suspect anything more advanced than this would be better worth implementing as a script, rather than using Excel.
The main arguments for Excel, that I suspect, would be better collaboration features (like comments and sharing and such), and better integration with other MS tools (Outlook etc.).
But even then, perhaps a script or Jupyter Notebook would be easier to work with (for diffs and version control that are not vendor-locked).
No, the main argument why Excel is used in the finance and insurance industries is that many users know Excel really well.
I'm on linux desktop now and this lets me read and write MS office files and works quite well.
1: the export to docx had problems, and most publications require your submissions to be in docx format;
2: it gets laggy with large documents. This lag becomes distracting when writing novels. Seems to start around page 20-50 and gets worse and worse as you go.
I wish I had better alternatives to suggest.
I wish that publishers would stop demanding we submit our files in docx format.
LO Writer can export to PDF when you need to preserve formatting. But if it needs to also be editable, I guess ODT is the only way. Maybe in light of the recent events you can convince your publishers.
About performance, you might want to give AbiWord a try also.
There will be a learning curve but I find my attention stays on the content, as I'm not continually distracted by the format issues that are better delayed until the text is complete.
You'll want a reasonable text editor with spell checker, preferably one that knows to ignore formatting commands. Note you will end up with PDF output - if you really have to submit docx, my condolences!
When I tell Windows-centric tech people that these days, they can't wrap their brains around it. There is no institutional memory of Microsoft's dumpster fire days.